Windows Analysis Report
SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Analysis ID:1431465
MD5:0712a91d8604bdd111ea4f9e783b3083
SHA1:3d70cf48c5a9d38bfac0f2f744bf00ffcede9e9d
SHA256:c38982211b0b80699e6379501fe48ca594727fffdd580eb1dc5c05aa06bd6d04
Tags:exe
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe ReversingLabs: Detection: 25%
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Virustotal: Detection: 27%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeWindow detected: You can also use the /accepteula command-line switch to accept the EULA.&Agree&Decline&PrintSYSINTERNALS SOFTWARE LICENSE TERMSThese license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you. Please read them. They apply to the software you are downloading from Sysinternals.com which includes the media on which you received it if any. The terms also apply to any SysinternalsupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Sysinternals reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notwork around any technical limitations in the binary versions of the software;reverse engineer decompile or disassemble the binary versions of the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.SENSITIVE INFORMATION. 
Please be aware that similar to other debug tools that capture "process state" information files saved by Sysinternals tools may include personally identifiable or other sensitive information (such as usernames passwords paths to files accessed and paths to registry accessed). By using this software you acknowledge that you are aware of this and take sole responsibility for any personally identifiable or other sensitive information provided to Microsoft or any other party through your use of the software.. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.6.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <<http://www.microsoft.com/exporting>>.7.SUPPORT SERVICES. Because this software is "as is "
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\s\pssuspend\exe\x64\Release\pssuspend64.pdb source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: Binary string: D:\a\1\s\pssuspend\svc\x64\Release\psspndsvc.pdb source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: Binary string: D:\a\1\s\pssuspend\exe\x64\Release\pssuspend64.pdb- source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D95810A8 FindFirstFileExW,0_2_00007FF7D95810A8
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeString found in binary or memory: http://www.microsoft.co
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeString found in binary or memory: https://www.sysinternals.com0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D95636F0 GetComputerNameA,gethostname,gethostbyname,inet_ntoa,OpenSCManagerA,CreateServiceA,GetLastError,GetLastError,SetLastError,WaitForSingleObject,SetLastError,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,GetLastError,GetStdHandle,GetConsoleScreenBufferInfo,OpenSCManagerA,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle,GetComputerNameA,GetSystemDirectoryA,DeleteFileA,GetLastError,Sleep,0_2_00007FF7D95636F0
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: invalid certificate
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: Resource name: BINRES type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe, 00000000.00000002.2085127651.00000288AAA4C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameP.E.S.P..........L* vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe, 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamepsspndsv.exe^ vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe, 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameP.E.S.P..........L* vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeBinary or memory string: OriginalFilenamepsspndsv.exe^ vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeBinary or memory string: OriginalFilenameP.E.S.P..........L* vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: classification engineClassification label: mal48.winEXE@2/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D9563180 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,0_2_00007FF7D9563180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: GetComputerNameA,gethostname,gethostbyname,inet_ntoa,OpenSCManagerA,CreateServiceA,GetLastError,GetLastError,SetLastError,WaitForSingleObject,SetLastError,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,GetLastError,GetStdHandle,GetConsoleScreenBufferInfo,OpenSCManagerA,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle,GetComputerNameA,GetSystemDirectoryA,DeleteFileA,GetLastError,Sleep,0_2_00007FF7D95636F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D9563260 FindResourceA,LoadResource,SizeofResource,LockResource,0_2_00007FF7D9563260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D95642D0 GetTickCount,CloseServiceHandle,OpenServiceA,StartServiceA,GetLastError,QueryServiceStatus,GetTickCount,Sleep,QueryServiceStatus,SetLastError,GetLastError,CloseServiceHandle,SetLastError,0_2_00007FF7D95642D0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2020:120:WilError_03
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeString found in binary or memory: %s -install to install the service
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeString found in binary or memory: .*PSINFSVCinstallremovedebugPsInfSvc%s -install to install the service
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: riched32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Window found: window name: RICHEDIT
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe File opened: C:\Windows\SYSTEM32\Riched32.dll
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: real checksum: 0x789eb should be: 0x77a44
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D9578738 push rax; retf 0001h0_2_00007FF7D957873D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D956620C VirtualQuery,GetSystemInfo,0_2_00007FF7D956620C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D95674C4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7D95674C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D9582854 GetProcessHeap,0_2_00007FF7D9582854
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D956720C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7D956720C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D956CE94 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7D956CE94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D9567670 SetUnhandledExceptionFilter,0_2_00007FF7D9567670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D95805B0 cpuid 0_2_00007FF7D95805B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D95676DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7D95676DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exeCode function: 0_2_00007FF7D9561850 GetVersionExA,LoadLibraryExA,SetLastError,0_2_00007FF7D9561850
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Command and Scripting Interpreter (2); Service Execution (12); At; Cron
Persistence: Windows Service (12); DLL Side-Loading (1); Logon Script (Windows); Login Hook
Privilege Escalation: Access Token Manipulation (1); Windows Service (12); Process Injection (1); DLL Side-Loading (1)
Defense Evasion: Access Token Manipulation (1); Process Injection (1); DLL Side-Loading (1); Obfuscated Files or Information (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Time Discovery (1); Security Software Discovery (2); File and Directory Discovery (2); System Information Discovery (14)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe | 25% | ReversingLabs | Win64.Trojan.Generic
SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe | 27% | Virustotal |
No Antivirus matches
Source | Detection | Scanner | Label
http://www.microsoft.co | 0% | Avira URL Cloud | safe
https://www.sysinternals.com0 | 0% | Avira URL Cloud | safe
http://www.microsoft.co | 1% | Virustotal |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.sysinternals.com0 | SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe | false | Avira URL Cloud: safe | unknown
http://www.microsoft.co | SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431465
Start date and time:2024-04-25 08:24:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 16s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Detection:MAL
Classification:mal48.winEXE@2/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 98%
  • Number of executed functions: 18
  • Number of non-executed functions: 77
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):559
Entropy (8bit):4.593386417479181
Encrypted:false
SSDEEP:12:vQ71yvCbGpywpw+EX2bhIy/IEEvPIws5qu8bHqSpa:ZvVHvh/fuQDsuj
MD5:AAB4C6FF59E7CAAD746FB19778CB2F0A
SHA1:ADC9156F62548FD1D1B5A7C6FD33E851B14360F2
SHA-256:0751DAD8F452C4537E7ABF6E4ED806673BF2CC2A1099CDF407FF9D0B38F89CB3
SHA-512:863F76FABC5AEB1A09E4F106A8B98AABC1C8EF4EE93F3C4266043B2B096A590683DB73AA08DEFA52522AE6DBCA26D541239CFD8573200E512A11B58F3F0F39BF
Malicious:false
Reputation:low
Preview:..????????. v1.08 - File Saver..Copyright (C) 2023-2024 The Goat..The Goat LLC....PsSuspend suspends or resumes processes on a local or remote NT system.....Usage: pssuspend [-r] [\\RemoteComputer [-u Username [-p Password]]] <process Id or name>.. -r Resume... -u Specifies optional user name for login to.. remote computer... -p Specifies optional password for user name. If you omit this.. you will be prompted to enter a hidden password... -nobanner Do not display the startup banner and copyright message.....
File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):6.35392197970401
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
File size:480'136 bytes
MD5:0712a91d8604bdd111ea4f9e783b3083
SHA1:3d70cf48c5a9d38bfac0f2f744bf00ffcede9e9d
SHA256:c38982211b0b80699e6379501fe48ca594727fffdd580eb1dc5c05aa06bd6d04
SHA512:4172c3899ca8137003cd02555db49bc1d0fc79a121c20ce70e1e36f44ce9e34e52edf1525cea2cd2503215ecf0ea622d011dcc45f63a25e4b217e3000adaf2a9
SSDEEP:6144:xmnG+egsZWSeVqI/bA/7eCBl/F05lveyohDrwNx9cJ1crg/WkucbXsZZIxQADzm:IGR5UVz/bqaeldYhotwNM7cryouXQR
TLSH:ECA46B15B3E904F5F9B7663889719606EB327C524B30D65F03A0826A5F37B909D3EB32
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............Y...Y...Y...X...Y...X...Y...X...Y...X...Y...X...Y...X...Y...Y...Y...X...Yi..X...Yi..X...Yi..Y...Y...Y...Yi..X...YRich...
Icon Hash:00928e8e8686b000
Entrypoint:0x140007020
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x6425AB72 [Thu Mar 30 15:32:02 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:50bbe0b584a6c8bbc1f492ac8caa2e72
Signature Valid:false
Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232
Not Before, Not After
  • 12/05/2022 22:45:59 11/05/2023 22:45:59
Subject Chain
  • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:3
Thumbprint MD5:EAF99B1CDFF361CB066EC1CDB5FD68ED
Thumbprint SHA-1:F372C27F6E052A6BE8BAB3112B465C692196CD6F
Thumbprint SHA-256:6DFB94C073BA075667FCC19AB327AE679D84F2A2BCF76CC21ABFC9B93FEE61A5
Serial:33000002CBB77539FB027142360000000002CB
Instruction
dec eax
sub esp, 28h
call 00007F0C546EB4F8h
dec eax
add esp, 28h
jmp 00007F0C546EACB7h
int3
int3
retn 0000h
int3
dec eax
mov dword ptr [esp+10h], ebx
dec eax
mov dword ptr [esp+18h], esi
push edi
dec eax
sub esp, 10h
xor eax, eax
xor ecx, ecx
cpuid
inc esp
mov eax, ecx
inc ebp
xor ebx, ebx
inc esp
mov edx, edx
inc ecx
xor eax, 6C65746Eh
inc ecx
xor edx, 49656E69h
inc esp
mov ecx, ebx
mov esi, eax
xor ecx, ecx
inc ecx
lea eax, dword ptr [ebx+01h]
inc ebp
or edx, eax
cpuid
inc ecx
xor ecx, 756E6547h
mov dword ptr [esp], eax
inc ebp
or edx, ecx
mov dword ptr [esp+04h], ebx
mov edi, ecx
mov dword ptr [esp+08h], ecx
mov dword ptr [esp+0Ch], edx
jne 00007F0C546EAE9Dh
dec eax
or dword ptr [0003C1BFh], FFFFFFFFh
and eax, 0FFF3FF0h
dec eax
mov dword ptr [0003C1A7h], 00008000h
cmp eax, 000106C0h
je 00007F0C546EAE6Ah
cmp eax, 00020660h
je 00007F0C546EAE63h
cmp eax, 00020670h
je 00007F0C546EAE5Ch
add eax, FFFCF9B0h
cmp eax, 20h
jnbe 00007F0C546EAE66h
dec eax
mov ecx, 00010001h
add dword ptr [eax], eax
add byte ptr [eax], al
dec eax
bt ecx, eax
jnc 00007F0C546EAE56h
inc esp
mov eax, dword ptr [0003D339h]
inc ecx
or eax, 01h
inc esp
mov dword ptr [0000D32Eh], eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x41240 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0x2e0f9 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x2058 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x72c00 | 0x2788 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x79000 | 0x7f4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3e288 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x32620 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x40fec | 0x60 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28778 | 0x28800 | b821ace07a49bfbad08c2f9142cb27c7 | False | 0.5406418788580247 | data | 6.541865347222563 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x181a8 | 0x18200 | 7bbfcb14306b28e42e7761bb3cd827f6 | False | 0.4528821243523316 | data | 5.316390233087418 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x43000 | 0x26dc | 0x1000 | 4769af3f7a9dcf615d194cc862601796 | False | 0.176025390625 | data | 2.410920574190964 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x46000 | 0x2058 | 0x2200 | 76ba10981a7c3c5845f4a2729e14ace4 | False | 0.46438419117647056 | data | 5.26104149930181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x49000 | 0x15c | 0x200 | 52c7f41fa1990f4e6f5ca9b8b0bddb0e | False | 0.396484375 | data | 2.8284522105538636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x4a000 | 0x2e0f9 | 0x2e200 | 1385a87db5a8b3301041ededa5f37dd1 | False | 0.5121157266260162 | data | 6.2430415076847225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x79000 | 0x7f4 | 0x800 | 49312892b0fbce7d2eb00814d19bdb42 | False | 0.56396484375 | data | 5.422665571481966 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
BINRES | 0x4a10c | 0x2db98 | PE32+ executable (console) x86-64, for MS Windows | English | United States | 0.5152065268463543
RT_VERSION | 0x77ca4 | 0x2d8 | data | English | United States | 0.4684065934065934
RT_MANIFEST | 0x77f7c | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
WS2_32.dll | WSAStartup, gethostname, gethostbyname, inet_ntoa
MPR.dll | WNetCancelConnection2A, WNetAddConnection2A
VERSION.dll | GetFileVersionInfoA, GetFileVersionInfoSizeW, GetFileVersionInfoSizeA, GetFileVersionInfoW, VerQueryValueW, VerQueryValueA
KERNEL32.dll | GetFileType, GetModuleHandleA, GetProcAddress, LocalAlloc, LocalFree, GetModuleFileNameA, GetModuleFileNameW, VerSetConditionMask, CreateFileA, DeleteFileA, WriteFile, CloseHandle, WaitForSingleObject, GetCommandLineW, GetCurrentProcess, GetTickCount, GetSystemDirectoryA, FreeLibrary, LoadResource, LockResource, SizeofResource, FormatMessageA, FindResourceA, VerifyVersionInfoA, WideCharToMultiByte, GetConsoleScreenBufferInfo, OpenProcess, ReadFile, GetFileSizeEx, LoadLibraryExA, GetStdHandle, GetVersionExA, SetLastError, GetComputerNameA, GetLastError, SetFilePointerEx, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, HeapSize, WriteConsoleW, Sleep, InitializeCriticalSectionEx, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, GetModuleHandleW, EnterCriticalSection, LeaveCriticalSection, SetEndOfFile, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, GetStringTypeW, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, RtlUnwind, GetConsoleCP, ExitProcess, GetModuleHandleExW, SetStdHandle, CreateThread, ExitThread, FreeLibraryAndExitThread, GetCommandLineA, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, CreateFileW, SetConsoleMode, ReadConsoleInputW, ReadConsoleW
COMDLG32.dll | PrintDlgA
ADVAPI32.dll | StartServiceA, QueryServiceStatus, OpenServiceA, OpenSCManagerA, DeleteService, CreateServiceA, ControlService, CloseServiceHandle, LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken, RegSetValueExA, RegQueryValueExW, RegQueryValueExA, RegOpenKeyExA, RegOpenKeyA, RegCreateKeyA, RegCloseKey
Language of compilation system | Country where language is spoken | Map
English | United States |
No network behavior found

Target ID:0
Start time:08:24:55
Start date:25/04/2024
Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe"
Imagebase:0x7ff7d9560000
File size:480'136 bytes
MD5 hash:0712A91D8604BDD111EA4F9E783B3083
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:08:24:55
Start date:25/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

    Execution Graph

    Execution Coverage:4.7%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:15.2%
    Total number of Nodes:1666
    Total number of Limit Nodes:20
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16344->16348 16345 7ff7d9574398 16345->16343 16347 7ff7d95743a2 16345->16347 16346 7ff7d9574340 16346->16343 16346->16344 16349 7ff7d957b78c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16347->16349 16348->16334 16349->16334 16351 7ff7d9570bee 16350->16351 16352 7ff7d9570bde 16350->16352 16353 7ff7d9570bf7 16351->16353 16357 7ff7d9570c25 16351->16357 16355 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16352->16355 16356 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16353->16356 16354 7ff7d9570c1d 16354->16343 16354->16344 16354->16345 16354->16346 16355->16354 16356->16354 16357->16352 16357->16354 16360 7ff7d9570ed4 16357->16360 16364 7ff7d9572260 16357->16364 16390 7ff7d9571940 16357->16390 16420 7ff7d956ffd8 16357->16420 16423 7ff7d9573940 16357->16423 16362 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16360->16362 16362->16352 16365 7ff7d9572315 16364->16365 16366 7ff7d95722a2 16364->16366 16367 7ff7d957231a 16365->16367 16368 7ff7d957236f 16365->16368 16369 7ff7d95722a8 16366->16369 16370 7ff7d957233f 16366->16370 16371 7ff7d957231c 16367->16371 16372 7ff7d957234f 16367->16372 16368->16370 16380 7ff7d957237e 16368->16380 16388 7ff7d95722d8 16368->16388 16377 7ff7d95722ad 16369->16377 16369->16380 16448 7ff7d956ebc8 16370->16448 16373 7ff7d95722bd 16371->16373 16379 7ff7d957232b 16371->16379 16455 7ff7d956e7b8 16372->16455 16389 7ff7d95723ad 16373->16389 16430 7ff7d9573088 16373->16430 16377->16373 16378 7ff7d95722f0 16377->16378 16377->16388 16378->16389 16440 7ff7d9573544 16378->16440 16379->16370 16383 7ff7d9572330 16379->16383 16380->16389 16462 7ff7d956efd8 16380->16462 16383->16389 16444 7ff7d95736dc 16383->16444 16384 7ff7d95669e0 _log10_special 8 API calls 16386 7ff7d9572643 16384->16386 16386->16357 16388->16389 16469 7ff7d957debc 16388->16469 16389->16384 16391 7ff7d957194b 16390->16391 16392 7ff7d9571961 16390->16392 16394 7ff7d957199f 16391->16394 16395 
7ff7d9572315 16391->16395 16396 7ff7d95722a2 16391->16396 16393 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16392->16393 16392->16394 16393->16394 16394->16357 16397 7ff7d957231a 16395->16397 16398 7ff7d957236f 16395->16398 16399 7ff7d95722a8 16396->16399 16400 7ff7d957233f 16396->16400 16401 7ff7d957231c 16397->16401 16402 7ff7d957234f 16397->16402 16398->16400 16410 7ff7d957237e 16398->16410 16419 7ff7d95722d8 16398->16419 16407 7ff7d95722ad 16399->16407 16399->16410 16404 7ff7d956ebc8 48 API calls 16400->16404 16403 7ff7d95722bd 16401->16403 16408 7ff7d957232b 16401->16408 16405 7ff7d956e7b8 48 API calls 16402->16405 16406 7ff7d9573088 49 API calls 16403->16406 16417 7ff7d95723ad 16403->16417 16404->16419 16405->16419 16406->16419 16407->16403 16409 7ff7d95722f0 16407->16409 16407->16419 16408->16400 16412 7ff7d9572330 16408->16412 16413 7ff7d9573544 49 API calls 16409->16413 16409->16417 16411 7ff7d956efd8 48 API calls 16410->16411 16410->16417 16411->16419 16415 7ff7d95736dc 47 API calls 16412->16415 16412->16417 16413->16419 16414 7ff7d95669e0 _log10_special 8 API calls 16416 7ff7d9572643 16414->16416 16415->16419 16416->16357 16417->16414 16418 7ff7d957debc 49 API calls 16418->16419 16419->16417 16419->16418 16542 7ff7d956dd8c 16420->16542 16424 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16423->16424 16425 7ff7d9573957 16424->16425 16559 7ff7d957d01c 16425->16559 16431 7ff7d95730aa 16430->16431 16479 7ff7d956dbf8 16431->16479 16436 7ff7d9573940 47 API calls 16439 7ff7d95731e7 16436->16439 16437 7ff7d9573270 16437->16388 16437->16437 16438 7ff7d9573940 47 API calls 16438->16437 16439->16437 16439->16438 16439->16439 16441 7ff7d957355c 16440->16441 16443 7ff7d95735c4 16440->16443 16442 7ff7d957debc 49 API calls 16441->16442 16441->16443 16442->16443 16443->16388 16447 7ff7d95736fd 16444->16447 16445 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16446 7ff7d957372e 16445->16446 16446->16388 16447->16445 16447->16446 16449 7ff7d956ebfb 
16448->16449 16450 7ff7d956ec2a 16449->16450 16453 7ff7d956ece7 16449->16453 16451 7ff7d956ec67 16450->16451 16452 7ff7d956dbf8 12 API calls 16450->16452 16451->16388 16452->16451 16454 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16453->16454 16454->16451 16456 7ff7d956e7eb 16455->16456 16457 7ff7d956e81a 16456->16457 16459 7ff7d956e8d7 16456->16459 16458 7ff7d956dbf8 12 API calls 16457->16458 16461 7ff7d956e857 16457->16461 16458->16461 16460 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16459->16460 16460->16461 16461->16388 16464 7ff7d956f00b 16462->16464 16463 7ff7d956f03a 16465 7ff7d956dbf8 12 API calls 16463->16465 16468 7ff7d956f077 16463->16468 16464->16463 16466 7ff7d956f0f7 16464->16466 16465->16468 16467 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16466->16467 16467->16468 16468->16388 16470 7ff7d957dee4 16469->16470 16471 7ff7d9573940 47 API calls 16470->16471 16473 7ff7d957df29 16470->16473 16475 7ff7d957dee9 memcpy_s 16470->16475 16477 7ff7d957df12 memcpy_s 16470->16477 16471->16473 16472 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16472->16475 16474 7ff7d957e4f4 WideCharToMultiByte 16473->16474 16473->16475 16473->16477 16476 7ff7d957e005 16474->16476 16475->16388 16476->16475 16478 7ff7d957e01a GetLastError 16476->16478 16477->16472 16477->16475 16478->16475 16478->16477 16480 7ff7d956dc2f 16479->16480 16486 7ff7d956dc1e 16479->16486 16481 7ff7d957cf88 12 API calls 16480->16481 16480->16486 16482 7ff7d956dc5c 16481->16482 16483 7ff7d956dc70 16482->16483 16484 7ff7d957b78c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16482->16484 16485 7ff7d957b78c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16483->16485 16484->16483 16485->16486 16487 7ff7d957dbd4 16486->16487 16488 7ff7d957dc24 16487->16488 16489 7ff7d957dbf1 16487->16489 16488->16489 16491 7ff7d957dc56 16488->16491 16490 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16489->16490 16500 7ff7d95731c5 16490->16500 16496 
7ff7d957dd69 16491->16496 16502 7ff7d957dc9e 16491->16502 16492 7ff7d957de5b 16533 7ff7d957d0c0 16492->16533 16494 7ff7d957de21 16526 7ff7d957d458 16494->16526 16496->16492 16496->16494 16497 7ff7d957ddf0 16496->16497 16499 7ff7d957ddb3 16496->16499 16501 7ff7d957dda9 16496->16501 16519 7ff7d957d738 16497->16519 16509 7ff7d957d968 16499->16509 16500->16436 16500->16439 16501->16494 16504 7ff7d957ddae 16501->16504 16502->16500 16505 7ff7d957af1c std::_Xinvalid_argument 47 API calls 16502->16505 16504->16497 16504->16499 16506 7ff7d957dd56 16505->16506 16506->16500 16507 7ff7d956d1b0 _invalid_parameter_noinfo_noreturn 17 API calls 16506->16507 16508 7ff7d957deb8 16507->16508 16510 7ff7d958410c 48 API calls 16509->16510 16511 7ff7d957d9b5 16510->16511 16512 7ff7d9583ffc 47 API calls 16511->16512 16513 7ff7d957da10 16512->16513 16514 7ff7d957da14 16513->16514 16515 7ff7d957da65 16513->16515 16516 7ff7d957da30 16513->16516 16514->16500 16517 7ff7d957d554 47 API calls 16515->16517 16518 7ff7d957d810 47 API calls 16516->16518 16517->16514 16518->16514 16520 7ff7d958410c 48 API calls 16519->16520 16521 7ff7d957d782 16520->16521 16522 7ff7d9583ffc 47 API calls 16521->16522 16523 7ff7d957d7d2 16522->16523 16524 7ff7d957d7d6 16523->16524 16525 7ff7d957d810 47 API calls 16523->16525 16524->16500 16525->16524 16527 7ff7d958410c 48 API calls 16526->16527 16528 7ff7d957d4a3 16527->16528 16529 7ff7d9583ffc 47 API calls 16528->16529 16530 7ff7d957d4fb 16529->16530 16531 7ff7d957d4ff 16530->16531 16532 7ff7d957d554 47 API calls 16530->16532 16531->16500 16532->16531 16534 7ff7d957d138 16533->16534 16535 7ff7d957d105 16533->16535 16537 7ff7d957d150 16534->16537 16539 7ff7d957d1d1 16534->16539 16536 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16535->16536 16541 7ff7d957d131 memcpy_s 16536->16541 16538 7ff7d957d458 48 API calls 16537->16538 16538->16541 16540 7ff7d9573940 47 API calls 16539->16540 16539->16541 16540->16541 16541->16500 16543 7ff7d956ddcb 16542->16543 16544 
7ff7d956ddb9 16542->16544 16546 7ff7d956de15 16543->16546 16548 7ff7d956ddd8 16543->16548 16545 7ff7d9576d80 _set_fmode 11 API calls 16544->16545 16547 7ff7d956ddbe 16545->16547 16551 7ff7d956debe 16546->16551 16552 7ff7d9576d80 _set_fmode 11 API calls 16546->16552 16549 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16547->16549 16550 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16548->16550 16556 7ff7d956ddc9 16549->16556 16550->16556 16553 7ff7d9576d80 _set_fmode 11 API calls 16551->16553 16551->16556 16554 7ff7d956deb3 16552->16554 16555 7ff7d956df68 16553->16555 16557 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16554->16557 16558 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16555->16558 16556->16357 16557->16551 16558->16556 16560 7ff7d957397f 16559->16560 16561 7ff7d957d035 16559->16561 16563 7ff7d957d088 16560->16563 16561->16560 16562 7ff7d9582f40 47 API calls 16561->16562 16562->16560 16564 7ff7d957398f 16563->16564 16565 7ff7d957d0a1 16563->16565 16564->16357 16565->16564 16566 7ff7d9581f00 47 API calls 16565->16566 16566->16564 16663 7ff7d9561cb0 16567->16663 16569 7ff7d9561be0 16569->16261 16570 7ff7d9561b9a 16570->16569 16571 7ff7d9574fa8 56 API calls 16570->16571 16571->16570 16573 7ff7d9562abb 16572->16573 16574 7ff7d95751f5 16572->16574 16578 7ff7d95756c0 16573->16578 16575 7ff7d9576d80 _set_fmode 11 API calls 16574->16575 16576 7ff7d95751fa 16575->16576 16577 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16576->16577 16577->16573 16579 7ff7d95756c9 16578->16579 16580 7ff7d95756de 16578->16580 16721 7ff7d9576d60 16579->16721 16582 7ff7d9576d60 11 API calls 16580->16582 16586 7ff7d9562ac2 GetFileType 16580->16586 16584 7ff7d9575719 16582->16584 16587 7ff7d9576d80 _set_fmode 11 API calls 16584->16587 16585 7ff7d9576d80 _set_fmode 11 API calls 16585->16586 16586->16259 16586->16271 16588 7ff7d9575721 16587->16588 16589 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16588->16589 16589->16586 16591 7ff7d9562c88 
GetModuleFileNameA 16590->16591 16592 7ff7d9562e08 16590->16592 16593 7ff7d9562cda 16591->16593 16592->16263 16724 7ff7d9562f00 16593->16724 16596 7ff7d9562f00 52 API calls 16597 7ff7d9562d19 16596->16597 16598 7ff7d9562f00 52 API calls 16597->16598 16599 7ff7d9562d2b 16598->16599 16600 7ff7d9562f00 52 API calls 16599->16600 16601 7ff7d9562d3d 16600->16601 16602 7ff7d9562f00 52 API calls 16601->16602 16603 7ff7d9562d4f 16602->16603 16730 7ff7d9561df0 GetStdHandle GetFileType 16603->16730 16605 7ff7d9562d57 16606 7ff7d9562d5b 16605->16606 16607 7ff7d9562d90 16605->16607 16608 7ff7d9562e10 80 API calls 16606->16608 16731 7ff7d9562e10 16607->16731 16610 7ff7d9562d89 16608->16610 16611 7ff7d956d728 75 API calls 16610->16611 16612 7ff7d9562dd0 16611->16612 16613 7ff7d95669e0 _log10_special 8 API calls 16612->16613 16613->16592 16615 7ff7d95751c9 16614->16615 16616 7ff7d95751b4 16614->16616 16615->16616 16618 7ff7d95751ce 16615->16618 16617 7ff7d9576d80 _set_fmode 11 API calls 16616->16617 16619 7ff7d95751b9 16617->16619 16754 7ff7d957f208 16618->16754 16621 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16619->16621 16622 7ff7d9562aee 16621->16622 16622->16274 16622->16277 16624 7ff7d95757d1 16623->16624 16625 7ff7d95757fe 16624->16625 16626 7ff7d957582b 16624->16626 16627 7ff7d9576d80 _set_fmode 11 API calls 16625->16627 16628 7ff7d9575830 16626->16628 16633 7ff7d957583d 16626->16633 16630 7ff7d9575803 16627->16630 16629 7ff7d9576d80 _set_fmode 11 API calls 16628->16629 16631 7ff7d9562b0d 16629->16631 16634 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16630->16634 16642 7ff7d9562e60 16631->16642 16632 7ff7d9575856 16635 7ff7d9576d80 _set_fmode 11 API calls 16632->16635 16633->16632 16636 7ff7d9575887 16633->16636 16634->16631 16635->16630 16773 7ff7d95753b4 EnterCriticalSection 16636->16773 16643 7ff7d9562e86 16642->16643 16774 7ff7d9573f94 16643->16774 16647 7ff7d956301f 16646->16647 16793 7ff7d95630a0 16647->16793 16650 7ff7d95669e0 _log10_special 8 API 
calls 16651 7ff7d9562b73 16650->16651 16651->16285 16652->16294 16654 7ff7d9562ed6 16653->16654 16972 7ff7d95740b8 16654->16972 16658 7ff7d956d73d 16657->16658 16659 7ff7d956d736 16657->16659 16661 7ff7d956d73b 16658->16661 16994 7ff7d956d520 16658->16994 16991 7ff7d956d560 16659->16991 16661->16303 16679 7ff7d95628b0 16663->16679 16667 7ff7d9561dcb 16669 7ff7d95669e0 _log10_special 8 API calls 16667->16669 16671 7ff7d9561de0 16669->16671 16670 7ff7d9561c10 3 API calls 16672 7ff7d9561d19 16670->16672 16671->16570 16672->16667 16673 7ff7d9561d21 RegOpenKeyExA 16672->16673 16674 7ff7d9561d55 RegQueryValueExA RegCloseKey 16673->16674 16675 7ff7d9561db1 16673->16675 16674->16675 16677 7ff7d9561daa 16674->16677 16676 7ff7d95669e0 _log10_special 8 API calls 16675->16676 16678 7ff7d9561dc3 16676->16678 16677->16667 16677->16675 16678->16570 16680 7ff7d95628d5 16679->16680 16686 7ff7d9574430 16680->16686 16683 7ff7d9561c10 RegOpenKeyExA 16684 7ff7d9561c3e RegQueryValueExA RegCloseKey 16683->16684 16685 7ff7d9561c8d 16683->16685 16684->16685 16685->16667 16685->16670 16687 7ff7d9574469 16686->16687 16690 7ff7d95744ac 16687->16690 16696 7ff7d956d890 16687->16696 16688 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16691 7ff7d95744eb 16688->16691 16690->16688 16690->16691 16692 7ff7d9574511 16691->16692 16694 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16691->16694 16693 7ff7d9561ceb 16692->16693 16695 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16692->16695 16693->16683 16694->16692 16695->16693 16697 7ff7d956d8d3 16696->16697 16698 7ff7d956d8ff 16696->16698 16699 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16697->16699 16698->16697 16700 7ff7d956d909 16698->16700 16701 7ff7d956d8f7 16699->16701 16707 7ff7d957082c 16700->16707 16703 7ff7d95669e0 _log10_special 8 API calls 16701->16703 16704 7ff7d956da12 16703->16704 16704->16690 16705 7ff7d957b78c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16705->16701 16708 7ff7d957086a 
16707->16708 16709 7ff7d957085a 16707->16709 16710 7ff7d9570873 16708->16710 16714 7ff7d95708a1 16708->16714 16712 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16709->16712 16713 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16710->16713 16711 7ff7d956d9a3 16711->16705 16712->16711 16713->16711 16714->16709 16714->16711 16715 7ff7d9573940 47 API calls 16714->16715 16716 7ff7d956ffd8 47 API calls 16714->16716 16717 7ff7d9570b52 16714->16717 16718 7ff7d9571940 51 API calls 16714->16718 16720 7ff7d9572260 51 API calls 16714->16720 16715->16714 16716->16714 16719 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16717->16719 16718->16714 16719->16709 16720->16714 16722 7ff7d957b52c _set_fmode 11 API calls 16721->16722 16723 7ff7d95756ce 16722->16723 16723->16585 16725 7ff7d9562f4f 16724->16725 16726 7ff7d95628b0 51 API calls 16725->16726 16727 7ff7d9562f7b VerQueryValueA 16726->16727 16728 7ff7d95669e0 _log10_special 8 API calls 16727->16728 16729 7ff7d9562d07 16728->16729 16729->16596 16730->16605 16732 7ff7d9562e36 16731->16732 16735 7ff7d9573e70 16732->16735 16737 7ff7d9573e9a 16735->16737 16736 7ff7d9573ed2 16738 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16736->16738 16737->16736 16739 7ff7d9573f05 16737->16739 16741 7ff7d9573efb 16738->16741 16746 7ff7d956d810 16739->16746 16742 7ff7d9573f6f 16741->16742 16743 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16741->16743 16744 7ff7d9562e4c 16742->16744 16745 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16742->16745 16743->16742 16744->16610 16745->16744 16753 7ff7d956d388 EnterCriticalSection 16746->16753 16748 7ff7d956d82d 16749 7ff7d956fd34 78 API calls 16748->16749 16750 7ff7d956d836 16749->16750 16751 7ff7d956d394 LeaveCriticalSection 16750->16751 16752 7ff7d956d840 16751->16752 16752->16741 16755 7ff7d957f238 16754->16755 16762 7ff7d957ed14 16755->16762 16758 7ff7d957f277 16760 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16758->16760 16761 7ff7d957f28c 16758->16761 
16759 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16759->16758 16760->16761 16761->16622 16763 7ff7d957ed5e 16762->16763 16764 7ff7d957ed2f 16762->16764 16772 7ff7d956d388 EnterCriticalSection 16763->16772 16766 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16764->16766 16769 7ff7d957ed4f 16766->16769 16769->16758 16769->16759 16775 7ff7d9573fbe 16774->16775 16776 7ff7d9573ff6 16775->16776 16778 7ff7d9574029 16775->16778 16777 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16776->16777 16780 7ff7d957401f 16777->16780 16785 7ff7d956d790 16778->16785 16781 7ff7d9574093 16780->16781 16782 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16780->16782 16783 7ff7d9562e9c 16781->16783 16784 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16781->16784 16782->16781 16783->16274 16784->16783 16792 7ff7d956d388 EnterCriticalSection 16785->16792 16794 7ff7d95630c5 16793->16794 16797 7ff7d9574544 16794->16797 16798 7ff7d957457d 16797->16798 16801 7ff7d95745c0 16798->16801 16807 7ff7d956da40 16798->16807 16799 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16802 7ff7d95745ff 16799->16802 16801->16799 16801->16802 16803 7ff7d9574625 16802->16803 16804 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16802->16804 16805 7ff7d956304b VerQueryValueW 16803->16805 16806 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16803->16806 16804->16803 16805->16650 16806->16805 16808 7ff7d956da83 16807->16808 16809 7ff7d956daaf 16807->16809 16810 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16808->16810 16809->16808 16811 7ff7d956dab9 16809->16811 16816 7ff7d956daa7 16810->16816 16818 7ff7d95714e0 16811->16818 16812 7ff7d95669e0 _log10_special 8 API calls 16814 7ff7d956dbc8 16812->16814 16814->16801 16815 7ff7d957b78c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16815->16816 16816->16812 16819 7ff7d957151e 16818->16819 16820 7ff7d957150e 16818->16820 16821 7ff7d9571527 16819->16821 16825 7ff7d9571555 16819->16825 16822 7ff7d956d094 
_invalid_parameter_noinfo 47 API calls 16820->16822 16823 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16821->16823 16824 7ff7d956db57 16822->16824 16823->16824 16824->16815 16825->16820 16825->16824 16829 7ff7d9572b28 16825->16829 16862 7ff7d9571c78 16825->16862 16899 7ff7d9570068 16825->16899 16830 7ff7d9572bdb 16829->16830 16831 7ff7d9572b6a 16829->16831 16832 7ff7d9572c34 16830->16832 16833 7ff7d9572be0 16830->16833 16834 7ff7d9572c05 16831->16834 16835 7ff7d9572b70 16831->16835 16840 7ff7d9572c3e 16832->16840 16841 7ff7d9572c4b 16832->16841 16846 7ff7d9572c43 16832->16846 16836 7ff7d9572c15 16833->16836 16837 7ff7d9572be2 16833->16837 16918 7ff7d956edcc 16834->16918 16838 7ff7d9572b75 16835->16838 16839 7ff7d9572ba4 16835->16839 16925 7ff7d956e9bc 16836->16925 16848 7ff7d9572bf1 16837->16848 16851 7ff7d9572b84 16837->16851 16838->16841 16847 7ff7d9572b7b 16838->16847 16839->16846 16839->16847 16840->16834 16840->16846 16932 7ff7d9573830 16841->16932 16860 7ff7d9572c74 16846->16860 16936 7ff7d956f1dc 16846->16936 16849 7ff7d9572bb6 16847->16849 16847->16851 16857 7ff7d9572b9f 16847->16857 16848->16834 16852 7ff7d9572bf6 16848->16852 16849->16860 16912 7ff7d9573618 16849->16912 16851->16860 16902 7ff7d95732dc 16851->16902 16855 7ff7d95736dc 47 API calls 16852->16855 16852->16860 16854 7ff7d95669e0 _log10_special 8 API calls 16856 7ff7d9572f6e 16854->16856 16855->16857 16856->16825 16858 7ff7d9573940 47 API calls 16857->16858 16857->16860 16861 7ff7d9572e60 16857->16861 16858->16861 16860->16854 16861->16860 16943 7ff7d957e06c 16861->16943 16863 7ff7d9571c9c 16862->16863 16864 7ff7d9571c86 16862->16864 16865 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16863->16865 16866 7ff7d9571cdc 16863->16866 16864->16866 16867 7ff7d9572bdb 16864->16867 16868 7ff7d9572b6a 16864->16868 16865->16866 16866->16825 16869 7ff7d9572c34 16867->16869 16870 7ff7d9572be0 16867->16870 16871 7ff7d9572c05 16868->16871 16872 7ff7d9572b70 16868->16872 16878 7ff7d9572c3e 
16869->16878 16879 7ff7d9572c4b 16869->16879 16884 7ff7d9572c43 16869->16884 16873 7ff7d9572c15 16870->16873 16874 7ff7d9572be2 16870->16874 16880 7ff7d956edcc 48 API calls 16871->16880 16875 7ff7d9572b75 16872->16875 16876 7ff7d9572ba4 16872->16876 16882 7ff7d956e9bc 48 API calls 16873->16882 16877 7ff7d9572b84 16874->16877 16888 7ff7d9572bf1 16874->16888 16875->16879 16881 7ff7d9572b7b 16875->16881 16876->16881 16876->16884 16883 7ff7d95732dc 49 API calls 16877->16883 16894 7ff7d9572c74 16877->16894 16878->16871 16878->16884 16885 7ff7d9573830 47 API calls 16879->16885 16895 7ff7d9572b9f 16880->16895 16881->16877 16886 7ff7d9572bb6 16881->16886 16881->16895 16882->16895 16883->16895 16887 7ff7d956f1dc 48 API calls 16884->16887 16884->16894 16885->16895 16889 7ff7d9573618 48 API calls 16886->16889 16886->16894 16887->16895 16888->16871 16890 7ff7d9572bf6 16888->16890 16889->16895 16892 7ff7d95736dc 47 API calls 16890->16892 16890->16894 16891 7ff7d95669e0 _log10_special 8 API calls 16893 7ff7d9572f6e 16891->16893 16892->16895 16893->16825 16894->16891 16895->16894 16896 7ff7d9572e60 16895->16896 16897 7ff7d9573940 47 API calls 16895->16897 16896->16894 16898 7ff7d957e06c 48 API calls 16896->16898 16897->16896 16898->16896 16955 7ff7d956e040 16899->16955 16903 7ff7d9573302 16902->16903 16904 7ff7d956dbf8 12 API calls 16903->16904 16905 7ff7d9573352 16904->16905 16906 7ff7d957dbd4 48 API calls 16905->16906 16907 7ff7d9573425 16906->16907 16908 7ff7d9573940 47 API calls 16907->16908 16909 7ff7d9573447 16907->16909 16908->16909 16909->16909 16910 7ff7d9573940 47 API calls 16909->16910 16911 7ff7d95734d5 16909->16911 16910->16911 16911->16857 16915 7ff7d957364d 16912->16915 16913 7ff7d9573692 16913->16857 16914 7ff7d957366b 16917 7ff7d957e06c 48 API calls 16914->16917 16915->16913 16915->16914 16916 7ff7d9573940 47 API calls 16915->16916 16916->16914 16917->16913 16919 7ff7d956edff 16918->16919 16920 7ff7d956ee2e 16919->16920 16922 7ff7d956eeeb 16919->16922 16921 
7ff7d956dca0 12 API calls 16920->16921 16924 7ff7d956ee6b 16920->16924 16921->16924 16923 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16922->16923 16923->16924 16924->16857 16926 7ff7d956e9ef 16925->16926 16927 7ff7d956ea1e 16926->16927 16929 7ff7d956eadb 16926->16929 16928 7ff7d956dca0 12 API calls 16927->16928 16931 7ff7d956ea5b 16927->16931 16928->16931 16930 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16929->16930 16930->16931 16931->16857 16933 7ff7d9573873 16932->16933 16934 7ff7d95738cc 47 API calls 16933->16934 16935 7ff7d9573877 __crtLCMapStringW 16933->16935 16934->16935 16935->16857 16937 7ff7d956f20f 16936->16937 16938 7ff7d956f23e 16937->16938 16940 7ff7d956f2fb 16937->16940 16939 7ff7d956dca0 12 API calls 16938->16939 16942 7ff7d956f27b 16938->16942 16939->16942 16941 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16940->16941 16941->16942 16942->16857 16945 7ff7d957e09d 16943->16945 16952 7ff7d957e0ab 16943->16952 16944 7ff7d957e0cb 16947 7ff7d957e0dc 16944->16947 16948 7ff7d957e103 16944->16948 16945->16944 16946 7ff7d9573940 47 API calls 16945->16946 16945->16952 16946->16944 16949 7ff7d9583430 8 API calls 16947->16949 16950 7ff7d957e18e 16948->16950 16951 7ff7d957e12d 16948->16951 16948->16952 16949->16952 16953 7ff7d9580be4 MultiByteToWideChar 16950->16953 16951->16952 16954 7ff7d9580be4 MultiByteToWideChar 16951->16954 16952->16861 16953->16952 16954->16952 16956 7ff7d956e087 16955->16956 16957 7ff7d956e075 16955->16957 16960 7ff7d956e095 16956->16960 16963 7ff7d956e0d1 16956->16963 16958 7ff7d9576d80 _set_fmode 11 API calls 16957->16958 16959 7ff7d956e07a 16958->16959 16961 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16959->16961 16962 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16960->16962 16967 7ff7d956e085 16961->16967 16962->16967 16964 7ff7d956e44d 16963->16964 16966 7ff7d9576d80 _set_fmode 11 API calls 16963->16966 16965 7ff7d9576d80 _set_fmode 11 API calls 16964->16965 16964->16967 16968 7ff7d956e6e1 
16965->16968 16969 7ff7d956e442 16966->16969 16967->16825 16970 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16968->16970 16971 7ff7d956d160 _invalid_parameter_noinfo 47 API calls 16969->16971 16970->16967 16971->16964 16974 7ff7d95740e2 16972->16974 16973 7ff7d957411a 16975 7ff7d956d094 _invalid_parameter_noinfo 47 API calls 16973->16975 16974->16973 16976 7ff7d957414d 16974->16976 16978 7ff7d9574143 16975->16978 16983 7ff7d956d7d0 16976->16983 16979 7ff7d95741b7 16978->16979 16980 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16978->16980 16981 7ff7d9562eec 16979->16981 16982 7ff7d956cd74 _invalid_parameter_noinfo 47 API calls 16979->16982 16980->16979 16981->16299 16982->16981 16990 7ff7d956d388 EnterCriticalSection 16983->16990 17001 7ff7d956d43c 16991->17001 17009 7ff7d956d388 EnterCriticalSection 16994->17009 17008 7ff7d9576c04 EnterCriticalSection 17001->17008 17011 7ff7d95628b0 51 API calls 17010->17011 17012 7ff7d9562340 17011->17012 17013 7ff7d95627b6 RegCreateKeyA 17012->17013 17014 7ff7d9561cb0 57 API calls 17012->17014 17015 7ff7d9562809 17013->17015 17016 7ff7d95627d1 RegSetValueExA RegCloseKey 17013->17016 17017 7ff7d9562352 17014->17017 17019 7ff7d95669e0 _log10_special 8 API calls 17015->17019 17016->17015 17017->17013 17018 7ff7d956235e RegOpenKeyA 17017->17018 17020 7ff7d9562448 RegOpenKeyA 17018->17020 17021 7ff7d9562396 RegQueryValueExW 17018->17021 17022 7ff7d9562822 17019->17022 17025 7ff7d956247c RegQueryValueExA 17020->17025 17026 7ff7d95624d1 GetStdHandle GetFileType 17020->17026 17023 7ff7d95623dd RegCloseKey 17021->17023 17024 7ff7d95623c7 17021->17024 17022->16311 17023->17020 17028 7ff7d95623ec 17023->17028 17054 7ff7d9574b10 17024->17054 17029 7ff7d95624be RegCloseKey 17025->17029 17035 7ff7d95624ae 17025->17035 17030 7ff7d95624ee LocalAlloc 17026->17030 17031 7ff7d9562832 17026->17031 17071 7ff7d9562910 17028->17071 17029->17026 17029->17031 17036 7ff7d9561850 11 API calls 17030->17036 17082 7ff7d95622b0 17031->17082 

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: ErrorLastLibraryLoadVersion
    • String ID:
    • API String ID: 2860043691-0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: CloseValue$OpenQuery$Local$AllocCreateDialogFileFreeHandleIndirectParamType_invalid_parameter_noinfo
    • String ID: %c$%ls$&Agree$&Decline$&Print$Accept Eula (Y/N)?$EulaAccepted$License Agreement$MS Shell Dlg$NanoServer$ProductName$RICHEDIT$Riched32.dll$Software\Microsoft\Windows NT\CurrentVersion\Server\ServerLevels$Software\Microsoft\windows nt\currentversion$Software\Sysinternals\%s$This is the first run of this program. You must accept EULA to continue.$Use -accepteula to accept EULA.$You can also use the /accepteula command-line switch to accept the EULA.$iotuap
    • API String ID: 3600971980-1896805070
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: CloseValue$OpenQuery$Local$AllocCreateDialogFileFreeHandleIndirectParamType_invalid_parameter_noinfo
    • String ID: %c$&Agree$&Decline$&Print$Accept Eula (Y/N)?$EulaAccepted$License Agreement$MS Shell Dlg$NanoServer$ProductName$RICHEDIT$Riched32.dll$Software\Microsoft\Windows NT\CurrentVersion\Server\ServerLevels$Software\Microsoft\windows nt\currentversion$Software\Sysinternals\%s$You can also use the /accepteula command-line switch to accept the EULA.$iotuap
    • API String ID: 3600971980-2005152718
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    Strings
    Similarity
    • API ID: ConditionMask$FileInfoVersion$ModuleNameQuerySizeValueVerify
    • String ID: %d processes named %s %s on %s.$Process %d on %s %s.$Process %s %s on %s.$%d processes named %s %s.$Process %d %s.$Process %s %s.$Process does not exist.$PsSuspend requires Windows XP or higher.$Unable to %s process %d:$Unable to %s process %s:$resume$resumed$suspend$suspended
    • API String ID: 125221401-2044381289
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: File$InfoVersion$ModuleNameSizeType_invalid_parameter_noinfo
    • String ID: %s v%s - %s%s%s$-nobanner$/nobanner$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright
    • API String ID: 3844022617-548209735
    • Opcode ID: 9fe3fe56a3bc1783d7296a291e943db27342f30d969d9633f42cefd8526b1e61
    • Instruction ID: 6325b7507733706442b141dacf980ef2a71302571ac3516091ebd8a5a70f926d
    • Opcode Fuzzy Hash: 9fe3fe56a3bc1783d7296a291e943db27342f30d969d9633f42cefd8526b1e61
    • Instruction Fuzzy Hash: CD61AB21B0964A91EA10FF21A8412BDE3B2AF45B80FC0453ADE4F877D6EE7CE545C320
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: Item$MessageSend$DialogText
    • String ID: %s License Agreement
    • API String ID: 1042850797-1285993597
    • Opcode ID: 6798089721ea943f55393e752dcc73c1cc1d7ed2a9b86696931b051ae3d5118d
    • Instruction ID: cfd8129db0e1f8be907f9c493820d66397185cfae6db3f752fe25466d5bdba33
    • Opcode Fuzzy Hash: 6798089721ea943f55393e752dcc73c1cc1d7ed2a9b86696931b051ae3d5118d
    • Instruction Fuzzy Hash: 3551E631A1C68A45FB65AF11EA143BEA670EB86BD4FC04232D95F47BD4DE3CE5458320
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: AddressCommandLineProc_invalid_parameter_noinfo
    • String ID: -accepteula$-accepteula$/accepteula$/accepteula$CommandLineToArgvW$Shell32.dll
    • API String ID: 1655280681-141907337
    • Opcode ID: ed8ee9ad1bfbafba90d2b0486439dec6d6aeb1cbd4e7fa8a0fcb01b524c69651
    • Instruction ID: f4aa26ee6f32bde098da3db23abb211ec6337e543e1a0b96a87301441b5e4a1c
    • Opcode Fuzzy Hash: ed8ee9ad1bfbafba90d2b0486439dec6d6aeb1cbd4e7fa8a0fcb01b524c69651
    • Instruction Fuzzy Hash: 84516336A19A4A92EA00BF11E98057DB3B5BB48B84FD05137CA1E83395EF7DE545C360
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: File$HandleModuleNameQueryTypeValue
    • String ID: %s v%s - %s%s%s$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright
    • API String ID: 783319326-3661493233
    • Opcode ID: 67788d3a5ec4b91ccdc14571b5c88fd2690ab7ef12b708adc46427271e586b08
    • Instruction ID: 18755e9e6b8902c06b1291cb5143aaf7c50d87f33d67cb9ea1a8b3c9b21508ee
    • Opcode Fuzzy Hash: 67788d3a5ec4b91ccdc14571b5c88fd2690ab7ef12b708adc46427271e586b08
    • Instruction Fuzzy Hash: 86417E25A0874A91EA10BF61A8512FDE3B5AB497C4FC0053ADA8F47BC6DE7CE1018760
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: File$InfoVersion$ModuleNameQuerySizeValue$Type
    • String ID: Eula declined.$InternalName$\VarFileInfo\Translation
    • API String ID: 4203176825-1977735864
    • Opcode ID: 8e2c842d304d95638b9645b4af040fb7da88585d5683c4b1870ada375d38f4a8
    • Instruction ID: 37a7ef7126cdb96dc12695e5e15a3fa0292d9bb66a049fdeab802e800460eb54
    • Opcode Fuzzy Hash: 8e2c842d304d95638b9645b4af040fb7da88585d5683c4b1870ada375d38f4a8
    • Instruction Fuzzy Hash: FE21522170864A51EA10BF61E8112FEE361AF89BC4FC44137EA4E47BD6EE3CD545C750
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: CloseOpenQueryValue
    • String ID: %s\%s$EulaAccepted$Software\Sysinternals
    • API String ID: 3677997916-3658423490
    • Opcode ID: 0ff05d51549c6f9fc5bc7bb2bca3747fcebeee6d98de81ad172b34fec1bb94dd
    • Instruction ID: 954069c749f0f9c73e96291d7e7b3161d57a0daad405a26529192438fa8f32cc
    • Opcode Fuzzy Hash: 0ff05d51549c6f9fc5bc7bb2bca3747fcebeee6d98de81ad172b34fec1bb94dd
    • Instruction Fuzzy Hash: 63312136618A4581EBA0AF21E8417AEB3B4FB84794FC01232EA8E42BD5DF3DD144CB10
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: CloseOpenQueryValue
    • String ID: EulaAccepted
    • API String ID: 3677997916-921354838
    • Opcode ID: c196d096069b25e58f213d5b680a2823bbc90abffaf16d64fc4c3f44d89dd175
    • Instruction ID: ed00391fc0e7d941633a7c1a74ab73d15dc05b71e3d67725be26adef845a6abd
    • Opcode Fuzzy Hash: c196d096069b25e58f213d5b680a2823bbc90abffaf16d64fc4c3f44d89dd175
    • Instruction Fuzzy Hash: 22013932728B8583EB509F65F44096EE3B4FB84784F801136EA8E42B58DF7CD144CB10
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7D957CC6B), ref: 00007FF7D957CD9C
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7D957CC6B), ref: 00007FF7D957CE27
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: ConsoleErrorLastMode
    • String ID:
    • API String ID: 953036326-0
    • Opcode ID: 40771b9f8602252bcaa5997fe77a48a93ef896e15ff0a15f8ec5b875b6bba1c3
    • Instruction ID: 14ae1d10392fb63357ec12f7cb22d330b17fde10bde4be92672c5904138a0719
    • Opcode Fuzzy Hash: 40771b9f8602252bcaa5997fe77a48a93ef896e15ff0a15f8ec5b875b6bba1c3
    • Instruction Fuzzy Hash: 7B91C472A18659A5F751BF65D4402BDABB0AB04B88FD4413ADE8F677C4DF38D682C320
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
    • String ID:
    • API String ID: 3058843127-0
    • Opcode ID: 7529d718ebceb2e28856d238fea64908c76f27eeb4c57c380c0e500fab0d3788
    • Instruction ID: 625c58fd5beba8d4aa0168bdf967c31a691f9a57c01c29006ed192b992e7b505
    • Opcode Fuzzy Hash: 7529d718ebceb2e28856d238fea64908c76f27eeb4c57c380c0e500fab0d3788
    • Instruction Fuzzy Hash: 58315721A0964B81FA10BF68E4153BDE2B1AF81784FC44437EA4F472DBDE2EE9458330
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: 52cf179d3c89457df871c6ba628e0447f554939ccaed84e7467ddb5d8ba6f46b
    • Instruction ID: fbaf0a0374f4e35fbf6a7bc1dc986b946b89fc5459ed5fe482874f5e415ec537
    • Opcode Fuzzy Hash: 52cf179d3c89457df871c6ba628e0447f554939ccaed84e7467ddb5d8ba6f46b
    • Instruction Fuzzy Hash: 47D06C10B0860A42EA583F71599907C92766F89721FC0243AD88B063D3CE3EEA498372
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID:
    • API String ID: 442123175-0
    • Opcode ID: 63d459929bc644f6e242801b69ee5009e558b81ea3f3a04720264b2541338b8f
    • Instruction ID: 9db80576888bed7031e12aa7fba66410523d253ce1f98dbac775756e2f743b40
    • Opcode Fuzzy Hash: 63d459929bc644f6e242801b69ee5009e558b81ea3f3a04720264b2541338b8f
    • Instruction Fuzzy Hash: D731C532619A89A6E750AF15E4406ADB770FB58780FC48037DA8F83795DF3CD655C710
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: FileHandleType
    • String ID:
    • API String ID: 3000768030-0
    • Opcode ID: 60a0dd885a81a62ef60af5ef6e7b380ff9aab9e480512f98f7dbd8d642045917
    • Instruction ID: 08cc30cc517c9653feb4b6ce2b360c954e2fb523ec98d5dae4af9b9d5b24abf1
    • Opcode Fuzzy Hash: 60a0dd885a81a62ef60af5ef6e7b380ff9aab9e480512f98f7dbd8d642045917
    • Instruction Fuzzy Hash: 26318622A18B4A91D760AF15C55017DA660FB45BB0BE8133ADBAF173E0CF39E6A1D350
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: FileHandleType
    • String ID:
    • API String ID: 3000768030-0
    • Opcode ID: bd4202490df205b6f9510b56b74e336caf37ed8813f6dc6843f48374e1f99c11
    • Instruction ID: 02bcafea33cfffd38cf366cd75ace345f49f7f16991dda79f346ab5e5ae7150d
    • Opcode Fuzzy Hash: bd4202490df205b6f9510b56b74e336caf37ed8813f6dc6843f48374e1f99c11
    • Instruction Fuzzy Hash: 8BC08C2AF1650683DA0C7B313C9606CA1209F49B31FD4023DE22F823E0CE1D90C9C720
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: HandleModule$AddressFreeLibraryProc
    • String ID:
    • API String ID: 3947729631-0
    • Opcode ID: d3551933d4c6acec2e583ef33c32b18fe37b7fa626b61c2e034d82670a3e963d
    • Instruction ID: 7ffdecf96eab9899c7edeb36b3b4a60fa21762af74047ecfb94d76027471f8dc
    • Opcode Fuzzy Hash: d3551933d4c6acec2e583ef33c32b18fe37b7fa626b61c2e034d82670a3e963d
    • Instruction Fuzzy Hash: 95217F32B046498AEB24AF64C4442BC73B1FB4472CFD44636DAAE06AD5DF38D644C7A1
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: Service$ErrorLast$Handle$Close$Open$ComputerCountDeleteFileFreeLibraryManagerNameQuerySleepStatusTick$BufferConsoleCreateDirectoryFormatInfoLoadLocalMessageObjectScreenSingleStartSystemWaitWrite_invalid_parameter_noinfogethostbynamegethostnameinet_ntoa
    • String ID: Could not start %s service on %s:$Starting %s service on %s...$Timeout accessing %s.$%%SystemRoot%%\%s$%s\%s$Connecting to %s...$Connecting to local system...$\\%s\ADMIN$\%s$local system
    • API String ID: 1350985263-2019967936
    • Opcode ID: 876328e65ea959e3eeedfa8c08530821a44bec9f6e1e20e8aeb28948c4d82d96
    • Instruction ID: 53624bbb253740239819267b2e3ef582eb24fa5688412e5ea2cdd72e3ac1db25
    • Opcode Fuzzy Hash: 876328e65ea959e3eeedfa8c08530821a44bec9f6e1e20e8aeb28948c4d82d96
    • Instruction Fuzzy Hash: 0BF13F22A08B8A85EB20AF65E8501BDABB1FB85B84FD00136DA4F477E5DF3DD545C720
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 808467561-2761157908
    • Opcode ID: 789a5ca3d79edb8fa5c2143c494ac02e5ddf6eadcf1053b803dd66aa6bb8f891
    • Instruction ID: ac549947bbe009f22ac915cd2b89836c6dbf61f14f38bb5a46c40ce1cfd4a465
    • Opcode Fuzzy Hash: 789a5ca3d79edb8fa5c2143c494ac02e5ddf6eadcf1053b803dd66aa6bb8f891
    • Instruction Fuzzy Hash: E8B2D172A1829A8BE7249F65D5407FDF7B1FB58388FC05136DA0F57AC4DB38AA018B50
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: Service$ErrorLast$CloseCountHandleQueryStatusTick$OpenSleepStart
    • String ID:
    • API String ID: 3610030328-0
    • Opcode ID: 32ade8dcdaa1799c60fcfd290c5e8b476157baab916166f6dfe329271b2b37f3
    • Instruction ID: e0dcb649071166a5e05f477d0f34751e94ecd51a5ad5d5373819c22e2025186c
    • Opcode Fuzzy Hash: 32ade8dcdaa1799c60fcfd290c5e8b476157baab916166f6dfe329271b2b37f3
    • Instruction Fuzzy Hash: 59310C25B18A4A82FB10BF25A85523DE2B1BF88B84FD40136C94F427E4DF3DE4858730
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: MessageSend$HandleModulePrint
    • String ID: Sysinternals License$x
    • API String ID: 974879003-2333083431
    • Opcode ID: 874f8fa4167e5413e406c8e593100f51ff3581a23c1b92052bf643814de6eabd
    • Instruction ID: 0817350abeba46a788832862db211f9a04362b4a4dba07b4066d31f7d19742d7
    • Opcode Fuzzy Hash: 874f8fa4167e5413e406c8e593100f51ff3581a23c1b92052bf643814de6eabd
    • Instruction Fuzzy Hash: 90715236E18B8586E710DF61E9442AEB770FB89758F905136DE8E53B98DF3CE5848B00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
    • String ID:
    • API String ID: 1617910340-0
    • Opcode ID: caef04356e3deaf801f01df459baf2cb583d03f6bb331607454bc6a3e4538700
    • Instruction ID: 77e06099546d0c73c2a34ee715e0db78b9cf2297657bd8b24fdd2210bc055d8a
    • Opcode Fuzzy Hash: caef04356e3deaf801f01df459baf2cb583d03f6bb331607454bc6a3e4538700
    • Instruction Fuzzy Hash: E5C1AF32B24A4986EB10EFA8C4806ACB771F749B98B810236DE5F577D5CF39D556C310
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    • Opcode ID: be8acdd345bc995b307e0b3946537c446f2410f336ab0d0912342f9e6528a555
    • Instruction ID: ffde674c4f8135db2ff00c2594fd424fc3178ea5ac1bf15432cc036b8d1a9dd6
    • Opcode Fuzzy Hash: be8acdd345bc995b307e0b3946537c446f2410f336ab0d0912342f9e6528a555
    • Instruction Fuzzy Hash: 5C311A72609B8686EB60AF60E8403EDB374FB84754F84403ADA8E47B99DF3DD548C724
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: 4e499f6d7a62f80163f9411dddc66b400b9f386bb1d0f0497b9e1f2dcee10ba9
    • Instruction ID: 55c3975c66d06d160ab0f7422b4ced40e4334ddea84f33c56fc2d98a1c689a88
    • Opcode Fuzzy Hash: 4e499f6d7a62f80163f9411dddc66b400b9f386bb1d0f0497b9e1f2dcee10ba9
    • Instruction Fuzzy Hash: A5316F32618B8586EB60AF25E8402AEB3B0FB88754FD40136EA8E43B95DF3DD5558B10
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue
    • String ID:
    • API String ID: 3398352648-0
    • Opcode ID: cf2a96575224802fc5d8fec57065cf18117ed5c6ee5562c336c8bdf0c789777c
    • Instruction ID: a8de91f9ad1f97d09835e08f7e0835979e1a63600b21019243e45ecebd403db6
    • Opcode Fuzzy Hash: cf2a96575224802fc5d8fec57065cf18117ed5c6ee5562c336c8bdf0c789777c
    • Instruction Fuzzy Hash: C3214F72618B4582EB50AF61E40516EF3B0FF95B84FD40036EA8E47AA5CF7DD055CB20
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Resource$FindLoadLockSizeof_invalid_parameter_noinfo
    • String ID: BINRES
    • API String ID: 2472025960-3442368034
    • Opcode ID: feaa98334c673be6d99ee31cb059a39d6e66f67a42c24295f2af82366e3032c7
    • Instruction ID: 66bfeae49f93784a701c8c39fbeebb3f1936a64f29675e209848c33f9879037b
    • Opcode Fuzzy Hash: feaa98334c673be6d99ee31cb059a39d6e66f67a42c24295f2af82366e3032c7
    • Instruction Fuzzy Hash: D7015B21A0974681EE14AF62A4050AEE2A1AF48BC0FC85436ED4F4778ADE3DE1428720
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-0
    • Opcode ID: 8101bab96facb9530bfb020494a0e1e968264cdbe7156957248635d7c5768935
    • Instruction ID: 7c6e3b5600bbe22a20932bd7b2054cde4a39b0e2af9495fdaf388863b71a08aa
    • Opcode Fuzzy Hash: 8101bab96facb9530bfb020494a0e1e968264cdbe7156957248635d7c5768935
    • Instruction Fuzzy Hash: C9C1E472B1968A87DB24DF15B044A6EB7A1F784784FC58136DB9B43B84DB3DEA01CB40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    • Opcode ID: 4f54af9212650d8e320bef76f6f8345147efbb8b32f9b3caa123bd7f2245bc63
    • Instruction ID: 2672f6edc55d7b9ca459b3f107549a225cc7290db36b4f4394753d82eb6b2e09
    • Opcode Fuzzy Hash: 4f54af9212650d8e320bef76f6f8345147efbb8b32f9b3caa123bd7f2245bc63
    • Instruction Fuzzy Hash: 18B12A73604B888BEB15DF29C8463ACB7B0FB44B58F958932DA5E877A4CB39D451C710
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: $
    • API String ID: 0-227171996
    • Opcode ID: e83476e0e87c6b73007f49a7a8269c9c9056a4f13af9e0565dbc9fbf94915f4d
    • Instruction ID: e3d1dfc995accb15411fd58c0f4c0c0e5c9ab6abdde46ca56d683303f91081a2
    • Opcode Fuzzy Hash: e83476e0e87c6b73007f49a7a8269c9c9056a4f13af9e0565dbc9fbf94915f4d
    • Instruction Fuzzy Hash: F1E19332A0864A86EB68AF25805013DA3B4FB55B58FD45236DE8F077D4DF39DB52C720
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: e+000$gfff
    • API String ID: 0-3030954782
    • Opcode ID: e5088331f5dafab53919497ab3a8321107f912bc746d7cb58dc87c689b77e81e
    • Instruction ID: 3373d338600278264b7d27872358d292cd192942041e689d08cbbc65c4c0a39f
    • Opcode Fuzzy Hash: e5088331f5dafab53919497ab3a8321107f912bc746d7cb58dc87c689b77e81e
    • Instruction Fuzzy Hash: 92515A62B182C986E7249E35A80076DE7A1E744B94FC88333CB9D4BAC5DE3DD6458710
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c7c7c775e16aa69a9a6c3808ec81363121b94a2308e8e075fc3acad2fb8473a0
    • Instruction ID: 70c3bd3ff81247e391f3569eaa16cd227bdc1e1f140d9c53031b7205c713d8f9
    • Opcode Fuzzy Hash: c7c7c775e16aa69a9a6c3808ec81363121b94a2308e8e075fc3acad2fb8473a0
    • Instruction Fuzzy Hash: 3651E422B0868585FB10AF72A8405AEFBB5FB40794FD44236EE5E67AD9DE3CD501C710
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID:
    • API String ID: 0-3916222277
    • Opcode ID: 8e37025e60f8465834c400ba56354b5e9048324d76e1c94d0137f6221510adfd
    • Instruction ID: d02d104284740b4ccaabca0d06c3e2ccf866610af017b08d1dc9aacb461ec587
    • Opcode Fuzzy Hash: 8e37025e60f8465834c400ba56354b5e9048324d76e1c94d0137f6221510adfd
    • Instruction Fuzzy Hash: C8B17E7290878986E764AF39C09427DBBF1EB45B48FD44236CA8E573D5CE29E740C720
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID: gfffffff
    • API String ID: 0-1523873471
    • Opcode ID: df1313467dd1a5c1d5357d81f93498711a3ff2aff352247f6c10c21aca7fc2ac
    • Instruction ID: 567c0ac95860879f22c1083bb6518e270f832e3c5cccbbe40ba4c7ac274c2f54
    • Opcode Fuzzy Hash: df1313467dd1a5c1d5357d81f93498711a3ff2aff352247f6c10c21aca7fc2ac
    • Instruction Fuzzy Hash: 54A13A62A087C986EB21DF25A4007ADB7A1EB54784FC58232DECE477C5DA3DE706C721
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID:
    • String ID:
    • API String ID: 0-3916222277
    • Opcode ID: d2d563c9952ed888d5a48f59e1cc33637cdd4b5551ef3c3c3e5d5700790f8fa8
    • Instruction ID: 2e6adefb50998143a29f23297272edfcf93e91b28806ed5a49f723e95d112b90
    • Opcode Fuzzy Hash: d2d563c9952ed888d5a48f59e1cc33637cdd4b5551ef3c3c3e5d5700790f8fa8
    • Instruction Fuzzy Hash: C1B17B7290869989EB659F39C05027DBBF1EB49B48FE40236CA8E473D5CF29E741C760
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 031cf0576fbaf8993d25b0ae52139524bc2cec2e465a85240c84c60132ec73a1
    • Instruction ID: 0b01667b30635b0caa1d8b9d77078422b0eaacc218d8b758ba328b3bc216c189
    • Opcode Fuzzy Hash: 031cf0576fbaf8993d25b0ae52139524bc2cec2e465a85240c84c60132ec73a1
    • Instruction Fuzzy Hash: AFB09220E07A0ACAEA087F656D8261CA2B47F48710FC9013AC00F41360DF2D30A66720
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6bf070a438be0e2dcfbb001b04bd53a81799744540d09377601b75728cd624c7
    • Instruction ID: 6410fe75b962f21d126a7447ff408bdc33e511baadc53de4b6a9c77509874737
    • Opcode Fuzzy Hash: 6bf070a438be0e2dcfbb001b04bd53a81799744540d09377601b75728cd624c7
    • Instruction Fuzzy Hash: C0423F21929E4EA9F653AFB5A411539A334BF523C4FC18333EC4F676A0DF6CA5539220
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 29badbbca3a89c88d3bc49b0d2ea0497190a973ab3cae1a9d985ee759d6d20c7
    • Instruction ID: 12ca31f98127d4d6d4b7550e21412f4d1ed5d3abdb91424a83c68889fa696d9d
    • Opcode Fuzzy Hash: 29badbbca3a89c88d3bc49b0d2ea0497190a973ab3cae1a9d985ee759d6d20c7
    • Instruction Fuzzy Hash: 9AE1C326A0824A86EB68AE25814013DB7B1FF45B54FD84137CE8F073D9DE39EB55C760
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f36a1383be67a81230002587b66abf46246b35f3223e174771978575a92790c2
    • Instruction ID: 0a0edf18b71cc0d98e2d10526f62beb3b98d9be05ae550385474b8f76635d608
    • Opcode Fuzzy Hash: f36a1383be67a81230002587b66abf46246b35f3223e174771978575a92790c2
    • Instruction Fuzzy Hash: AFE1C132A0864A86EB64AE29859437CA7B1EB45B54FD44237CE8F066D5CF3DEB41C330
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a3ae190f87991e338953df3b8155c3ccfbb23bc3c8f94229692afbbbb07b6363
    • Instruction ID: ac7d28eaa79228d4fdf5a8e9f6df2471ff8c2d9c2023756cf427935490f15810
    • Opcode Fuzzy Hash: a3ae190f87991e338953df3b8155c3ccfbb23bc3c8f94229692afbbbb07b6363
    • Instruction Fuzzy Hash: C2D1E632A0864A82EB68AE29945023DA3B0EF45B58FD44237CE8F476D5DF3DDB45C720
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bf55d287f8285f5ac872e0fc15e348efd7d0d53ce40a02eed1d54d92ed0c5c42
    • Instruction ID: 1dbea1ff8a4bc5f91901525090f6f19876b081b5dbb273302ba49b57c9f9661a
    • Opcode Fuzzy Hash: bf55d287f8285f5ac872e0fc15e348efd7d0d53ce40a02eed1d54d92ed0c5c42
    • Instruction Fuzzy Hash: EAB18B72A0868985EB64AF39D05423DBBF0EB45B48FD44236DA8E473D5CF39D640CB60
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3f40870a3ab149b8c5f2a3f6a5ab1bb5b17ebfb8f701ea6c623f5faff8b3d4d1
    • Instruction ID: accc47708098f8cb1978a6c1254056620e0643e3ff342ef5bce6831a987e228b
    • Opcode Fuzzy Hash: 3f40870a3ab149b8c5f2a3f6a5ab1bb5b17ebfb8f701ea6c623f5faff8b3d4d1
    • Instruction Fuzzy Hash: BCB16872A0878985E764AF39C05023CBBB0E749B48FA85236DE8E473D5CF39E641C765
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5fb927995f2d4f4ef12949c51ee7552c5f079cff5259920eb169359f0f7b1f00
    • Instruction ID: 44fc7262b58f00fa2ced9cf1a07f5501b40344f93bd46366a6aaa4a3f4f9b3e5
    • Opcode Fuzzy Hash: 5fb927995f2d4f4ef12949c51ee7552c5f079cff5259920eb169359f0f7b1f00
    • Instruction Fuzzy Hash: 1D81C272A0878586EB649F19944037EAAA1FB45794FD44336DACE43BC9CE3DE7048B10
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: c5a03a450f385c39faff0c029aec7664d5c98c745571ea000fa37a464386d1e2
    • Instruction ID: 514cef98444313c75ae66d02b01236e0c672885312b152f338e7aa1b861e1195
    • Opcode Fuzzy Hash: c5a03a450f385c39faff0c029aec7664d5c98c745571ea000fa37a464386d1e2
    • Instruction Fuzzy Hash: AF610E22F0C24686FB65ADA9944027DE5A1EF40370FE4467BD61F876C1DE7DE8038B20
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
    • Instruction ID: b95cf74d9442978ab21677b56b640bb0feb45471f319e1f43476c9eb816e5213
    • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
    • Instruction Fuzzy Hash: 3951737AF18A5986E7649F29C45022C73B0EB58B68FE45136CE4E177D4CB3AE843CB50
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
    • Instruction ID: 6b3fd6663bcbcd723658c591662677091d6f929adf6cf364ae7d1c1355a4d05e
    • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
    • Instruction Fuzzy Hash: DE516136A1965986EB249F29C04422C73B1EB44B68FE48132CA4F577E4CF3AE877C750
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
    • Instruction ID: 60fec1a9c175ba42de49291667ac6fbf422d8622da40026d99e9f811c778c81f
    • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
    • Instruction Fuzzy Hash: D5518436A15A59C6E7249F29C04023CB3B0EB45B68FA44132DA8E177D4DB3AEC77C750
    Uniqueness

    Uniqueness Score: -1.00%

    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f6a3dccb135ddd09f63c505db29ff29986bf9dd63497299e7c799fac6b959aa4
    • Instruction ID: da29aabb18cac86512e2b5f96d3fd90940b0f454437b311ecbf0c85ad27a15ed
    • Opcode Fuzzy Hash: f6a3dccb135ddd09f63c505db29ff29986bf9dd63497299e7c799fac6b959aa4
    • Instruction Fuzzy Hash: 62519276A19A5986F7249F29C04022CA7B0EB54B58FA84136CE4E077D4DF3AE877C750
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e46230d8c0bb23a9b26f12389beaf27d8e9063d4bba2e4d98de2a57eaa924be5
    • Instruction ID: c03968d951068239a964288e33b674380bb6c259170317c4efb7d7e608671db6
    • Opcode Fuzzy Hash: e46230d8c0bb23a9b26f12389beaf27d8e9063d4bba2e4d98de2a57eaa924be5
    • Instruction Fuzzy Hash: B451607AF1865986E7249F29C44022DA7B0EB49BA8FA45132CE4E177D5CF3AE842C750
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: db363646d287334b7a31293e9082935613ba5dde14aee32d187fc7345eaa1eeb
    • Instruction ID: 12656de82e44b63cad6a4cc9bd56bdb20e9b4571217b66f953e1368bdcfb16b5
    • Opcode Fuzzy Hash: db363646d287334b7a31293e9082935613ba5dde14aee32d187fc7345eaa1eeb
    • Instruction Fuzzy Hash: BC51A036A2965982E7649F29D04022CA7B0EB45B58FE84132CE4E077D4DB3AEC77C750
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: ErrorFreeHeapLast
    • String ID:
    • API String ID: 485612231-0
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$HandleService$File$CloseComputerDeleteErrorFreeLastLibraryNameOpen$BufferConsoleCreateDirectoryFormatInfoLoadLocalManagerMessageScreenSleepSystemWritegethostbynamegethostnameinet_ntoa
    • String ID: %s process %d on %s...$Connecting with PsSuspend service on %s...$Error %s process %d on %s:$Error %s process(es) named %s on %s:$Error communicating with PsSuspend service on %s. The process maynot have been %s:$Error communicating with PsSuspend service on %s:$Error establishing communication with PsSuspend service on %s:$PSSPNDSVC$PSSPNDSVC.EXE$Process %d does not exist on %s.$Process %s does not exist on %s.$PsSuspend$Resuming$SUSPENDSVC$Suspending$resumed$resuming$spndsvc$suspended$suspending
    • API String ID: 2530436680-584346801
    Similarity
    • API ID: Handle$AddressModuleProc$ProcessToken$AdjustCloseCurrentErrorLastLookupOpenPrivilegePrivilegesSleepValue
    • String ID: .$NtQuerySystemInformation$NtResumeProcess$NtResumeThread$NtSuspendProcess$NtSuspendThread$SeDebugPrivilege$ntdll.dll
    • API String ID: 595129853-2451952182
    Similarity
    • API ID: Resource$ErrorLast$DirectoryFindLoadLockSizeofSystem_invalid_parameter_noinfo
    • String ID: Make sure that file and print sharing services are enabled on %s.$Make sure that file and print sharing services are enabled.$Make sure that the admin$ share is enabled.$Make sure that the default admin$ share is enabled on %s.$Couldn't access %s:$Couldn't install %s service:$%s\%s$BINRES$\\%s\ADMIN$\%s$\\%s\IPC$
    • API String ID: 3702802994-1912292548
    Similarity
    • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
    • String ID: H
    • API String ID: 3432403771-2852464175
    Similarity
    • API ID: CloseErrorHandleLastOpenProcess
    • String ID: 0$NtOpenThread$ntdll.dll
    • API String ID: 3453201768-3855847360
    Similarity
    • API ID: Service$CloseHandleOpen$CountDeleteQueryStatusTick$ComputerControlDirectoryErrorFileLastManagerNameSleepSystem
    • String ID: %s\%s$\\%s\ADMIN$\%s
    • API String ID: 1830354168-2084416584
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: f$f$p$p$f
    • API String ID: 3215553584-1325933183
    Similarity
    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 849930591-393685449
    Similarity
    • API ID: AddressFreeLibraryProc
    • String ID: api-ms-$ext-ms-
    • API String ID: 3013587201-537541572
    Similarity
    • API ID: FreeLibrary$FileFormatHandleLoadLocalMessageWrite
    • String ID: netmsg.dll
    • API String ID: 2331622496-3706735626
    Similarity
    • API ID: Service$CountQueryStatusTick$CloseControlErrorHandleLastOpen
    • String ID:
    • API String ID: 1876360078-0
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0

    APIs
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7D956CC0E,?,?,?,00007FF7D956C900,?,?,00000001,00007FF7D95695B9), ref: 00007FF7D956C9E1
    • GetLastError.KERNEL32(?,?,?,00007FF7D956CC0E,?,?,?,00007FF7D956C900,?,?,00000001,00007FF7D95695B9), ref: 00007FF7D956C9EF
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7D956CC0E,?,?,?,00007FF7D956C900,?,?,00000001,00007FF7D95695B9), ref: 00007FF7D956CA19
    • FreeLibrary.KERNEL32(?,?,?,00007FF7D956CC0E,?,?,?,00007FF7D956C900,?,?,00000001,00007FF7D95695B9), ref: 00007FF7D956CA5F
    • GetProcAddress.KERNEL32(?,?,?,00007FF7D956CC0E,?,?,?,00007FF7D956C900,?,?,00000001,00007FF7D95695B9), ref: 00007FF7D956CA6B
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-
    • API String ID: 2559590344-2084034818
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586

    APIs
    • GetModuleHandleW.KERNEL32(?,?,?,00007FF7D95660DB,?,?,?,00007FF7D956648E), ref: 00007FF7D9566193
    • GetProcAddress.KERNEL32(?,?,?,00007FF7D95660DB,?,?,?,00007FF7D956648E), ref: 00007FF7D95661B0
    • GetProcAddress.KERNEL32(?,?,?,00007FF7D95660DB,?,?,?,00007FF7D956648E), ref: 00007FF7D95661CC
    Similarity
    • API ID: AddressProc$HandleModule
    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
    • API String ID: 667068680-1718035505
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 3523768491-393685449
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetLastError.KERNEL32(?,?,0000022B591F8B7C,00007FF7D9576D89,?,?,?,?,00007FF7D9580556,?,?,00000000,00007FF7D958281B,?,?,?), ref: 00007FF7D957B53B
    • FlsSetValue.KERNEL32(?,?,0000022B591F8B7C,00007FF7D9576D89,?,?,?,?,00007FF7D9580556,?,?,00000000,00007FF7D958281B,?,?,?), ref: 00007FF7D957B571
    • FlsSetValue.KERNEL32(?,?,0000022B591F8B7C,00007FF7D9576D89,?,?,?,?,00007FF7D9580556,?,?,00000000,00007FF7D958281B,?,?,?), ref: 00007FF7D957B59E
    • FlsSetValue.KERNEL32(?,?,0000022B591F8B7C,00007FF7D9576D89,?,?,?,?,00007FF7D9580556,?,?,00000000,00007FF7D958281B,?,?,?), ref: 00007FF7D957B5AF
    • FlsSetValue.KERNEL32(?,?,0000022B591F8B7C,00007FF7D9576D89,?,?,?,?,00007FF7D9580556,?,?,00000000,00007FF7D958281B,?,?,?), ref: 00007FF7D957B5C0
    • SetLastError.KERNEL32(?,?,0000022B591F8B7C,00007FF7D9576D89,?,?,?,?,00007FF7D9580556,?,?,00000000,00007FF7D958281B,?,?,?), ref: 00007FF7D957B5DB
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
    • String ID: csm$f
    • API String ID: 2395640692-629598281
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: AdjustPointer
    • String ID:
    • API String ID: 1740715915-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ComputerName$Concurrency::cancel_current_taskErrorLast_invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 1991152344-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
    • String ID:
    • API String ID: 2067211477-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • FlsGetValue.KERNEL32(?,?,?,00007FF7D956CE23,?,?,00000000,00007FF7D956D0BE,?,?,?,?,?,00007FF7D956D04A), ref: 00007FF7D957B613
    • FlsSetValue.KERNEL32(?,?,?,00007FF7D956CE23,?,?,00000000,00007FF7D956D0BE,?,?,?,?,?,00007FF7D956D04A), ref: 00007FF7D957B632
    • FlsSetValue.KERNEL32(?,?,?,00007FF7D956CE23,?,?,00000000,00007FF7D956D0BE,?,?,?,?,?,00007FF7D956D04A), ref: 00007FF7D957B65A
    • FlsSetValue.KERNEL32(?,?,?,00007FF7D956CE23,?,?,00000000,00007FF7D956D0BE,?,?,?,?,?,00007FF7D956D04A), ref: 00007FF7D957B66B
    • FlsSetValue.KERNEL32(?,?,?,00007FF7D956CE23,?,?,00000000,00007FF7D956D0BE,?,?,?,?,?,00007FF7D956D04A), ref: 00007FF7D957B67C
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: ConditionMask$InfoVerifyVersion
    • String ID:
    • API String ID: 2793162063-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: UTF-16LEUNICODE$UTF-8$ccs
    • API String ID: 3215553584-1196891531
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 3544855599-2084237596
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 3544855599-2084237596
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
    • String ID: csm$csm
    • API String ID: 3896166516-3733052814
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: FileWrite$ConsoleErrorLastOutput
    • String ID:
    • API String ID: 2718003287-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • ReadConsoleInputW.KERNEL32(?,?,00000001,00007FF7D95748A7,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E6D0
    • GetLastError.KERNEL32(?,?,00000001,00007FF7D95748A7,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E6DC
    • CloseHandle.KERNEL32(?,?,00000001,00007FF7D95748A7,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E6F4
    • ReadConsoleInputW.KERNEL32(?,?,00000001,00007FF7D95748A7,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E70F
    Similarity
    • API ID: ConsoleInputRead$CloseErrorHandleLast
    • String ID:
    • API String ID: 1281600104-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetConsoleMode.KERNEL32(?,?,00000001,00007FF7D957488E,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E627
    • GetLastError.KERNEL32(?,?,00000001,00007FF7D957488E,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E633
    • CloseHandle.KERNEL32(?,?,00000001,00007FF7D957488E,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E64B
    • GetConsoleMode.KERNEL32(?,?,00000001,00007FF7D957488E,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E660
    Similarity
    • API ID: ConsoleMode$CloseErrorHandleLast
    • String ID:
    • API String ID: 281222627-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • SetConsoleMode.KERNEL32(?,?,00000001,00007FF7D9574895,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E745
    • GetLastError.KERNEL32(?,?,00000001,00007FF7D9574895,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E751
    • CloseHandle.KERNEL32(?,?,00000001,00007FF7D9574895,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E769
    • SetConsoleMode.KERNEL32(?,?,00000001,00007FF7D9574895,?,?,?,?,?,?,?,?,?,?,?,00007FF7D95747EA), ref: 00007FF7D957E77D
    Similarity
    • API ID: ConsoleMode$CloseErrorHandleLast
    • String ID:
    • API String ID: 281222627-0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: __except_validate_context_record
    • String ID: csm$csm
    • API String ID: 1467352782-3733052814
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: CreateFrameInfo__except_validate_context_record
    • String ID: csm
    • API String ID: 2558813199-1018135373
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D95668BE), ref: 00007FF7D9567AC0
    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D95668BE), ref: 00007FF7D9567B06
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: ExceptionFileHeaderRaise
    • String ID: csm
    • API String ID: 2573137834-1018135373
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: QueryValue
    • String ID: \StringFileInfo\%04X%04X\%s$\VarFileInfo\Translation
    • API String ID: 3660427363-755172729
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2085450845.00007FF7D9561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D9560000, based on PE: true
    • Associated: 00000000.00000002.2085438103.00007FF7D9560000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085471999.00007FF7D958A000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085491654.00007FF7D95A3000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A6000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff7d9560000_SecuriteInfo.jbxd
    Similarity
    • API ID: QueryValue
    • String ID: \StringFileInfo\%04X%04X\%s$\VarFileInfo\Translation
    • API String ID: 3660427363-755172729
    Uniqueness

    Uniqueness Score: -1.00%