Windows Analysis Report
hv7H7u7IvS.exe

Overview

General Information

Sample name:hv7H7u7IvS.exe
renamed because original name is a hash value
Original sample name:50f45a0537eac244e3afa4f07684095d.exe
Analysis ID:1432351
MD5:50f45a0537eac244e3afa4f07684095d
SHA1:3f1f70aff06ecaa65188072405edbf4778868deb
SHA256:0b3f57e62dacdf7f1dddddbea20daced70e88ef547e795fbadfa124be5a422c2
Tags:64exe
Infos:

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample reads itself and does not show any behavior, likely it performs some host environment checks which are compared to an embedded key
  • System is w10x64
  • hv7H7u7IvS.exe (PID: 1004 cmdline: "C:\Users\user\Desktop\hv7H7u7IvS.exe" MD5: 50F45A0537EAC244E3AFA4F07684095D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: hv7H7u7IvS.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6842C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF66DD6842C
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD58AF0 FindFirstFileExW,FindClose,0_2_00007FF66DD58AF0
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD724C4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF66DD724C4
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: String function: 00007FF66DD52B10 appears 47 times
Source: classification engine | Classification label: clean5.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD58560 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF66DD58560
Source: hv7H7u7IvS.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | File read: C:\Users\user\Desktop\hv7H7u7IvS.exe
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: wintypes.dll
Source: hv7H7u7IvS.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: hv7H7u7IvS.exe | Static file information: File size 30408704 > 1048576
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: hv7H7u7IvS.exe | Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\hv7H7u7IvS.exeCode function: 0_2_00007FF66DD56EF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF66DD56EF0
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-17647
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | API coverage: 6.1 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5C6AC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF66DD5C6AC
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD740D0 GetProcessHeap,0_2_00007FF66DD740D0
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5BE20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF66DD5BE20
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5C88C SetUnhandledExceptionFilter,0_2_00007FF66DD5C88C
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6B1B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF66DD6B1B8
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD7A420 cpuid 0_2_00007FF66DD7A420
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5C590 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF66DD5C590
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD76950 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF66DD76950
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
hv7H7u7IvS.exe | 3% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1432351
Start date and time:2024-04-26 22:23:11 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 23s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:hv7H7u7IvS.exe
renamed because original name is a hash value
Original Sample Name:50f45a0537eac244e3afa4f07684095d.exe
Detection:CLEAN
Classification:clean5.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 98%
  • Number of executed functions: 17
  • Number of non-executed functions: 86
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: hv7H7u7IvS.exe
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):7.992953719781898
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:hv7H7u7IvS.exe
File size:30'408'704 bytes
MD5:50f45a0537eac244e3afa4f07684095d
SHA1:3f1f70aff06ecaa65188072405edbf4778868deb
SHA256:0b3f57e62dacdf7f1dddddbea20daced70e88ef547e795fbadfa124be5a422c2
SHA512:5c57ec3e57b6c599d130c1a5d9f50f9dbab5f965b2f15e113041fee66cc7c7ff098a120126f4284d9923d9e6ce11ca5c51e1610a70975c0dc42ad06a62efd975
SSDEEP:786432:OQlUgl0SP/bLFlkNvdt6xEVFVNMi3Lem/jt4jRJM:OQ+gFP/V4f6Gj53ikjt4jR2
TLSH:466733B89F45ACC8E1AAB1366240CB0FDCA6B40E3325959763E009781F9F3D71BED951
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................-.....................,.............................................................Rich...........
Icon Hash:4a464cd47461e179
Entrypoint:0x14000c330
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x65F0A981 [Tue Mar 12 19:14:09 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:2
File Version Major:5
File Version Minor:2
Subsystem Version Major:5
Subsystem Version Minor:2
Import Hash:1af6c885af093afc55142c2f1761dbe8
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e094 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x43000 | 0x2304 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x758 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b440 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3b300 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2c000 | 0x420 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2adb0 | 0x2ae00 | 75d19a4940b1c41e95d0f65f35d07455 | False | 0.5456735149416909 | data | 6.502519008894634 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2c000 | 0x12ebc | 0x13000 | 5288755939ecd1e1e720f719013984c7 | False | 0.5153423108552632 | data | 5.816302686675576 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3f000 | 0x33b8 | 0xe00 | c77d6acf176d4b487ea671c3fd3a6945 | False | 0.13392857142857142 | firmware 32a2 vdf2d (revision 2569732096) \377\377\377\377 , version 256.0.512, 0 bytes or less, at 0xcd5d20d2 1725235199 bytes , at 0 0 bytes , at 0xffffffff 16777216 bytes | 1.828047079050098 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x43000 | 0x2304 | 0x2400 | f9c9a5a34be2cb8fd1246f51c7b22c72 | False | 0.4797092013888889 | data | 5.38202672986895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x46000 | 0x1f4 | 0x200 | 4ec0234c233e8c5ae54cd80f9630ff86 | False | 0.525390625 | data | 3.698330622853966 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x758 | 0x800 | f1d633c1708caf707b59b5e59d6f78b3 | False | 0.54443359375 | data | 5.24651730799357 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
No network behavior found

Target ID:0
Start time:22:23:57
Start date:26/04/2024
Path:C:\Users\user\Desktop\hv7H7u7IvS.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\hv7H7u7IvS.exe"
Imagebase:0x7ff66dd50000
File size:30'408'704 bytes
MD5 hash:50F45A0537EAC244E3AFA4F07684095D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

    Execution Graph

    Execution Coverage:5.2%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:17.2%
    Total number of Nodes:2000
    Total number of Limit Nodes:37
API calls 19463->19464 19464->19463 19466 7ff66dd7324d 19465->19466 19467 7ff66dd69d26 19465->19467 19510 7ff66dd6bdc4 19466->19510 19471 7ff66dd7357c GetEnvironmentStringsW 19467->19471 19472 7ff66dd69d2b 19471->19472 19474 7ff66dd735ac 19471->19474 19472->19448 19472->19449 19473 7ff66dd70aa8 WideCharToMultiByte 19475 7ff66dd735fd 19473->19475 19474->19473 19474->19474 19476 7ff66dd73604 FreeEnvironmentStringsW 19475->19476 19477 7ff66dd6e19c _fread_nolock 12 API calls 19475->19477 19476->19472 19478 7ff66dd73617 19477->19478 19479 7ff66dd73628 19478->19479 19480 7ff66dd7361f 19478->19480 19482 7ff66dd70aa8 WideCharToMultiByte 19479->19482 19481 7ff66dd6b4ec __free_lconv_num 11 API calls 19480->19481 19483 7ff66dd73626 19481->19483 19484 7ff66dd7364b 19482->19484 19483->19476 19485 7ff66dd73659 19484->19485 19486 7ff66dd7364f 19484->19486 19487 7ff66dd6b4ec __free_lconv_num 11 API calls 19485->19487 19488 7ff66dd6b4ec __free_lconv_num 11 API calls 19486->19488 19489 7ff66dd73657 FreeEnvironmentStringsW 19487->19489 19488->19489 19489->19472 19492 7ff66dd69e11 19491->19492 19493 7ff66dd6f738 _set_fmode 11 API calls 19492->19493 19499 7ff66dd69e47 19493->19499 19494 7ff66dd6b4ec __free_lconv_num 11 API calls 19495 7ff66dd69d47 19494->19495 19495->19453 19496 7ff66dd69ec2 19497 7ff66dd6b4ec __free_lconv_num 11 API calls 19496->19497 19497->19495 19498 7ff66dd6f738 _set_fmode 11 API calls 19498->19499 19499->19496 19499->19498 19500 7ff66dd69eb1 19499->19500 19501 7ff66dd6b01c __std_exception_copy 37 API calls 19499->19501 19504 7ff66dd69ee7 19499->19504 19507 7ff66dd6b4ec __free_lconv_num 11 API calls 19499->19507 19508 7ff66dd69e4f 19499->19508 19659 7ff66dd6a018 19500->19659 19501->19499 19506 7ff66dd6b4a4 _wfindfirst32i64 17 API calls 19504->19506 19505 7ff66dd6b4ec __free_lconv_num 11 API calls 19505->19508 19509 7ff66dd69efa 19506->19509 19507->19499 19508->19494 19511 7ff66dd6bdd5 FlsGetValue 19510->19511 19512 7ff66dd6bdf0 FlsSetValue 19510->19512 19513 
7ff66dd6bdea 19511->19513 19514 7ff66dd6bde2 19511->19514 19512->19514 19515 7ff66dd6bdfd 19512->19515 19513->19512 19516 7ff66dd6bde8 19514->19516 19517 7ff66dd6b07c __CxxCallCatchBlock 45 API calls 19514->19517 19518 7ff66dd6f738 _set_fmode 11 API calls 19515->19518 19530 7ff66dd72f14 19516->19530 19519 7ff66dd6be65 19517->19519 19520 7ff66dd6be0c 19518->19520 19521 7ff66dd6be2a FlsSetValue 19520->19521 19522 7ff66dd6be1a FlsSetValue 19520->19522 19523 7ff66dd6be48 19521->19523 19524 7ff66dd6be36 FlsSetValue 19521->19524 19525 7ff66dd6be23 19522->19525 19526 7ff66dd6ba98 _set_fmode 11 API calls 19523->19526 19524->19525 19527 7ff66dd6b4ec __free_lconv_num 11 API calls 19525->19527 19528 7ff66dd6be50 19526->19528 19527->19514 19529 7ff66dd6b4ec __free_lconv_num 11 API calls 19528->19529 19529->19516 19553 7ff66dd73184 19530->19553 19532 7ff66dd72f49 19568 7ff66dd72c14 19532->19568 19535 7ff66dd72f66 19535->19467 19536 7ff66dd6e19c _fread_nolock 12 API calls 19537 7ff66dd72f77 19536->19537 19538 7ff66dd72f7f 19537->19538 19540 7ff66dd72f8e 19537->19540 19539 7ff66dd6b4ec __free_lconv_num 11 API calls 19538->19539 19539->19535 19540->19540 19575 7ff66dd732bc 19540->19575 19543 7ff66dd7308a 19544 7ff66dd65aa4 _set_fmode 11 API calls 19543->19544 19546 7ff66dd7308f 19544->19546 19545 7ff66dd730e5 19548 7ff66dd7314c 19545->19548 19586 7ff66dd72a44 19545->19586 19549 7ff66dd6b4ec __free_lconv_num 11 API calls 19546->19549 19547 7ff66dd730a4 19547->19545 19550 7ff66dd6b4ec __free_lconv_num 11 API calls 19547->19550 19552 7ff66dd6b4ec __free_lconv_num 11 API calls 19548->19552 19549->19535 19550->19545 19552->19535 19554 7ff66dd731a7 19553->19554 19557 7ff66dd731b1 19554->19557 19601 7ff66dd71298 EnterCriticalSection 19554->19601 19558 7ff66dd73223 19557->19558 19560 7ff66dd6b07c __CxxCallCatchBlock 45 API calls 19557->19560 19558->19532 19561 7ff66dd7323b 19560->19561 19564 7ff66dd73292 19561->19564 19565 7ff66dd6bdc4 50 API calls 19561->19565 19564->19532 19566 
7ff66dd7327c 19565->19566 19567 7ff66dd72f14 65 API calls 19566->19567 19567->19564 19569 7ff66dd65578 45 API calls 19568->19569 19570 7ff66dd72c28 19569->19570 19571 7ff66dd72c46 19570->19571 19572 7ff66dd72c34 GetOEMCP 19570->19572 19573 7ff66dd72c4b GetACP 19571->19573 19574 7ff66dd72c5b 19571->19574 19572->19574 19573->19574 19574->19535 19574->19536 19576 7ff66dd72c14 47 API calls 19575->19576 19577 7ff66dd732e9 19576->19577 19578 7ff66dd7343f 19577->19578 19580 7ff66dd73326 IsValidCodePage 19577->19580 19585 7ff66dd73340 memcpy_s 19577->19585 19579 7ff66dd5be00 _wfindfirst32i64 8 API calls 19578->19579 19581 7ff66dd73081 19579->19581 19580->19578 19582 7ff66dd73337 19580->19582 19581->19543 19581->19547 19583 7ff66dd73366 GetCPInfo 19582->19583 19582->19585 19583->19578 19583->19585 19602 7ff66dd72d2c 19585->19602 19658 7ff66dd71298 EnterCriticalSection 19586->19658 19603 7ff66dd72d69 GetCPInfo 19602->19603 19604 7ff66dd72e5f 19602->19604 19603->19604 19605 7ff66dd72d7c 19603->19605 19606 7ff66dd5be00 _wfindfirst32i64 8 API calls 19604->19606 19607 7ff66dd73a90 48 API calls 19605->19607 19608 7ff66dd72efe 19606->19608 19609 7ff66dd72df3 19607->19609 19608->19578 19613 7ff66dd78a34 19609->19613 19612 7ff66dd78a34 54 API calls 19612->19604 19614 7ff66dd65578 45 API calls 19613->19614 19615 7ff66dd78a59 19614->19615 19618 7ff66dd78700 19615->19618 19619 7ff66dd78741 19618->19619 19620 7ff66dd701e0 _fread_nolock MultiByteToWideChar 19619->19620 19621 7ff66dd7878b 19620->19621 19624 7ff66dd788c1 19621->19624 19625 7ff66dd6e19c _fread_nolock 12 API calls 19621->19625 19626 7ff66dd78a09 19621->19626 19628 7ff66dd787c3 19621->19628 19622 7ff66dd5be00 _wfindfirst32i64 8 API calls 19623 7ff66dd72e26 19622->19623 19623->19612 19624->19626 19627 7ff66dd6b4ec __free_lconv_num 11 API calls 19624->19627 19625->19628 19626->19622 19627->19626 19628->19624 19629 7ff66dd701e0 _fread_nolock MultiByteToWideChar 19628->19629 19630 7ff66dd78836 19629->19630 19630->19624 19649 
7ff66dd6fb84 19630->19649 19633 7ff66dd788d2 19635 7ff66dd6e19c _fread_nolock 12 API calls 19633->19635 19637 7ff66dd789a4 19633->19637 19639 7ff66dd788f0 19633->19639 19634 7ff66dd78881 19634->19624 19636 7ff66dd6fb84 __crtLCMapStringW 6 API calls 19634->19636 19635->19639 19636->19624 19637->19624 19638 7ff66dd6b4ec __free_lconv_num 11 API calls 19637->19638 19638->19624 19639->19624 19640 7ff66dd6fb84 __crtLCMapStringW 6 API calls 19639->19640 19641 7ff66dd78970 19640->19641 19641->19637 19642 7ff66dd789a6 19641->19642 19643 7ff66dd78990 19641->19643 19644 7ff66dd70aa8 WideCharToMultiByte 19642->19644 19645 7ff66dd70aa8 WideCharToMultiByte 19643->19645 19646 7ff66dd7899e 19644->19646 19645->19646 19646->19637 19647 7ff66dd789be 19646->19647 19647->19624 19648 7ff66dd6b4ec __free_lconv_num 11 API calls 19647->19648 19648->19624 19650 7ff66dd6f7b0 __crtLCMapStringW 5 API calls 19649->19650 19651 7ff66dd6fbc2 19650->19651 19652 7ff66dd6fbca 19651->19652 19655 7ff66dd6fc70 19651->19655 19652->19624 19652->19633 19652->19634 19654 7ff66dd6fc33 LCMapStringW 19654->19652 19656 7ff66dd6f7b0 __crtLCMapStringW 5 API calls 19655->19656 19657 7ff66dd6fc9e __crtLCMapStringW 19656->19657 19657->19654 19661 7ff66dd6a01d 19659->19661 19664 7ff66dd69eb9 19659->19664 19660 7ff66dd6a046 19663 7ff66dd6b4ec __free_lconv_num 11 API calls 19660->19663 19661->19660 19662 7ff66dd6b4ec __free_lconv_num 11 API calls 19661->19662 19662->19661 19663->19664 19664->19505 19666 7ff66dd771f9 19665->19666 19667 7ff66dd77210 19665->19667 19668 7ff66dd65aa4 _set_fmode 11 API calls 19666->19668 19667->19666 19670 7ff66dd7721e 19667->19670 19669 7ff66dd771fe 19668->19669 19671 7ff66dd6b484 _invalid_parameter_noinfo 37 API calls 19669->19671 19672 7ff66dd65578 45 API calls 19670->19672 19673 7ff66dd77209 19670->19673 19671->19673 19672->19673 19673->19341 19675 7ff66dd65578 45 API calls 19674->19675 19676 7ff66dd79e29 19675->19676 19679 7ff66dd79a80 19676->19679 19681 7ff66dd79ace 19679->19681 19680 
7ff66dd5be00 _wfindfirst32i64 8 API calls 19682 7ff66dd780b5 19680->19682 19683 7ff66dd79b55 19681->19683 19685 7ff66dd79b40 GetCPInfo 19681->19685 19689 7ff66dd79b59 19681->19689 19682->19341 19682->19368 19684 7ff66dd701e0 _fread_nolock MultiByteToWideChar 19683->19684 19683->19689 19687 7ff66dd79bed 19684->19687 19685->19683 19685->19689 19686 7ff66dd79c24 19686->19689 19690 7ff66dd701e0 _fread_nolock MultiByteToWideChar 19686->19690 19687->19686 19688 7ff66dd6e19c _fread_nolock 12 API calls 19687->19688 19687->19689 19688->19686 19689->19680 19691 7ff66dd79c92 19690->19691 19692 7ff66dd79d74 19691->19692 19693 7ff66dd701e0 _fread_nolock MultiByteToWideChar 19691->19693 19692->19689 19694 7ff66dd6b4ec __free_lconv_num 11 API calls 19692->19694 19695 7ff66dd79cb8 19693->19695 19694->19689 19695->19692 19696 7ff66dd6e19c _fread_nolock 12 API calls 19695->19696 19697 7ff66dd79ce5 19695->19697 19696->19697 19697->19692 19698 7ff66dd701e0 _fread_nolock MultiByteToWideChar 19697->19698 19699 7ff66dd79d5c 19698->19699 19700 7ff66dd79d7c 19699->19700 19701 7ff66dd79d62 19699->19701 19708 7ff66dd6fa08 19700->19708 19701->19692 19704 7ff66dd6b4ec __free_lconv_num 11 API calls 19701->19704 19704->19692 19705 7ff66dd79dbb 19705->19689 19707 7ff66dd6b4ec __free_lconv_num 11 API calls 19705->19707 19706 7ff66dd6b4ec __free_lconv_num 11 API calls 19706->19705 19707->19689 19709 7ff66dd6f7b0 __crtLCMapStringW 5 API calls 19708->19709 19710 7ff66dd6fa46 19709->19710 19711 7ff66dd6fc70 __crtLCMapStringW 5 API calls 19710->19711 19712 7ff66dd6fa4e 19710->19712 19713 7ff66dd6fab7 CompareStringW 19711->19713 19712->19705 19712->19706 19713->19712 19715 7ff66dd78b0a HeapSize 19714->19715 19716 7ff66dd78af1 19714->19716 19717 7ff66dd65aa4 _set_fmode 11 API calls 19716->19717 19718 7ff66dd78af6 19717->19718 19719 7ff66dd6b484 _invalid_parameter_noinfo 37 API calls 19718->19719 19720 7ff66dd78b01 19719->19720 19720->19375 19722 7ff66dd714bb 19721->19722 19723 7ff66dd714b1 19721->19723 
19725 7ff66dd714c0 19722->19725 19731 7ff66dd714c7 _set_fmode 19722->19731 19724 7ff66dd6e19c _fread_nolock 12 API calls 19723->19724 19729 7ff66dd714b9 19724->19729 19726 7ff66dd6b4ec __free_lconv_num 11 API calls 19725->19726 19726->19729 19727 7ff66dd714cd 19730 7ff66dd65aa4 _set_fmode 11 API calls 19727->19730 19728 7ff66dd714fa HeapReAlloc 19728->19729 19728->19731 19729->19377 19730->19729 19731->19727 19731->19728 19732 7ff66dd741e0 _set_fmode 2 API calls 19731->19732 19732->19731 19734 7ff66dd69d95 19733->19734 19735 7ff66dd69d91 19733->19735 19754 7ff66dd7368c GetEnvironmentStringsW 19734->19754 19735->19415 19746 7ff66dd6a13c 19735->19746 19738 7ff66dd69da2 19740 7ff66dd6b4ec __free_lconv_num 11 API calls 19738->19740 19739 7ff66dd69dae 19761 7ff66dd69efc 19739->19761 19740->19735 19743 7ff66dd6b4ec __free_lconv_num 11 API calls 19744 7ff66dd69dd5 19743->19744 19745 7ff66dd6b4ec __free_lconv_num 11 API calls 19744->19745 19745->19735 19747 7ff66dd6a15f 19746->19747 19752 7ff66dd6a176 19746->19752 19747->19415 19748 7ff66dd701e0 MultiByteToWideChar _fread_nolock 19748->19752 19749 7ff66dd6f738 _set_fmode 11 API calls 19749->19752 19750 7ff66dd6a1ea 19751 7ff66dd6b4ec __free_lconv_num 11 API calls 19750->19751 19751->19747 19752->19747 19752->19748 19752->19749 19752->19750 19753 7ff66dd6b4ec __free_lconv_num 11 API calls 19752->19753 19753->19752 19755 7ff66dd69d9a 19754->19755 19756 7ff66dd736b0 19754->19756 19755->19738 19755->19739 19757 7ff66dd6e19c _fread_nolock 12 API calls 19756->19757 19758 7ff66dd736e7 memcpy_s 19757->19758 19759 7ff66dd6b4ec __free_lconv_num 11 API calls 19758->19759 19760 7ff66dd73707 FreeEnvironmentStringsW 19759->19760 19760->19755 19762 7ff66dd69f24 19761->19762 19763 7ff66dd6f738 _set_fmode 11 API calls 19762->19763 19776 7ff66dd69f5f 19763->19776 19764 7ff66dd69f67 19765 7ff66dd6b4ec __free_lconv_num 11 API calls 19764->19765 19767 7ff66dd69db6 19765->19767 19766 7ff66dd69fe1 19768 7ff66dd6b4ec __free_lconv_num 11 API calls 
19766->19768 19767->19743 19768->19767 19769 7ff66dd6f738 _set_fmode 11 API calls 19769->19776 19770 7ff66dd69fd0 19772 7ff66dd6a018 11 API calls 19770->19772 19771 7ff66dd71434 _wfindfirst32i64 37 API calls 19771->19776 19773 7ff66dd69fd8 19772->19773 19774 7ff66dd6b4ec __free_lconv_num 11 API calls 19773->19774 19774->19764 19775 7ff66dd6a004 19777 7ff66dd6b4a4 _wfindfirst32i64 17 API calls 19775->19777 19776->19764 19776->19766 19776->19769 19776->19770 19776->19771 19776->19775 19778 7ff66dd6b4ec __free_lconv_num 11 API calls 19776->19778 19779 7ff66dd6a016 19777->19779 19778->19776 19782 7ff66dd799e9 __crtLCMapStringW 19780->19782 19781 7ff66dd77f9e 19781->19440 19781->19441 19782->19781 19783 7ff66dd6fa08 6 API calls 19782->19783 19783->19781 20198 7ff66dd7bca9 20199 7ff66dd7bcb8 20198->20199 20200 7ff66dd7bcc2 20198->20200 20202 7ff66dd712f8 LeaveCriticalSection 20199->20202 16074 7ff66dd611fc 16075 7ff66dd6122c 16074->16075 16078 7ff66dd60f4c 16075->16078 16077 7ff66dd6124a 16079 7ff66dd60f6c 16078->16079 16084 7ff66dd60f99 16078->16084 16080 7ff66dd60f76 16079->16080 16081 7ff66dd60fa1 16079->16081 16079->16084 16092 7ff66dd6b3b8 16080->16092 16085 7ff66dd60e8c 16081->16085 16084->16077 16100 7ff66dd6594c EnterCriticalSection 16085->16100 16101 7ff66dd6b100 16092->16101 16096 7ff66dd6b3f3 16096->16084 16102 7ff66dd6b11c GetLastError 16101->16102 16103 7ff66dd6b157 16101->16103 16104 7ff66dd6b12c 16102->16104 16103->16096 16107 7ff66dd6b16c 16103->16107 16114 7ff66dd6bf30 16104->16114 16108 7ff66dd6b188 GetLastError SetLastError 16107->16108 16109 7ff66dd6b1a0 16107->16109 16108->16109 16109->16096 16110 7ff66dd6b4a4 IsProcessorFeaturePresent 16109->16110 16111 7ff66dd6b4b7 16110->16111 16192 7ff66dd6b1b8 16111->16192 16115 7ff66dd6bf6a FlsSetValue 16114->16115 16116 7ff66dd6bf4f FlsGetValue 16114->16116 16117 7ff66dd6b147 SetLastError 16115->16117 16118 7ff66dd6bf77 16115->16118 16116->16117 16119 7ff66dd6bf64 16116->16119 16117->16103 16131 7ff66dd6f738 
16118->16131 16119->16115 16121 7ff66dd6bf86 16122 7ff66dd6bfa4 FlsSetValue 16121->16122 16123 7ff66dd6bf94 FlsSetValue 16121->16123 16125 7ff66dd6bfc2 16122->16125 16126 7ff66dd6bfb0 FlsSetValue 16122->16126 16124 7ff66dd6bf9d 16123->16124 16138 7ff66dd6b4ec 16124->16138 16144 7ff66dd6ba98 16125->16144 16126->16124 16136 7ff66dd6f749 _set_fmode 16131->16136 16132 7ff66dd6f77e HeapAlloc 16134 7ff66dd6f798 16132->16134 16132->16136 16133 7ff66dd6f79a 16152 7ff66dd65aa4 16133->16152 16134->16121 16136->16132 16136->16133 16149 7ff66dd741e0 16136->16149 16139 7ff66dd6b4f1 HeapFree 16138->16139 16141 7ff66dd6b520 16138->16141 16140 7ff66dd6b50c GetLastError 16139->16140 16139->16141 16142 7ff66dd6b519 __free_lconv_num 16140->16142 16141->16117 16143 7ff66dd65aa4 _set_fmode 9 API calls 16142->16143 16143->16141 16178 7ff66dd6b970 16144->16178 16155 7ff66dd74220 16149->16155 16161 7ff66dd6be68 GetLastError 16152->16161 16154 7ff66dd65aad 16154->16134 16160 7ff66dd71298 EnterCriticalSection 16155->16160 16162 7ff66dd6bea9 FlsSetValue 16161->16162 16166 7ff66dd6be8c 16161->16166 16163 7ff66dd6bebb 16162->16163 16175 7ff66dd6be99 16162->16175 16165 7ff66dd6f738 _set_fmode 5 API calls 16163->16165 16164 7ff66dd6bf15 SetLastError 16164->16154 16167 7ff66dd6beca 16165->16167 16166->16162 16166->16175 16168 7ff66dd6bee8 FlsSetValue 16167->16168 16169 7ff66dd6bed8 FlsSetValue 16167->16169 16171 7ff66dd6bf06 16168->16171 16172 7ff66dd6bef4 FlsSetValue 16168->16172 16170 7ff66dd6bee1 16169->16170 16173 7ff66dd6b4ec __free_lconv_num 5 API calls 16170->16173 16174 7ff66dd6ba98 _set_fmode 5 API calls 16171->16174 16172->16170 16173->16175 16176 7ff66dd6bf0e 16174->16176 16175->16164 16177 7ff66dd6b4ec __free_lconv_num 5 API calls 16176->16177 16177->16164 16190 7ff66dd71298 EnterCriticalSection 16178->16190 16193 7ff66dd6b1f2 _wfindfirst32i64 memcpy_s 16192->16193 16194 7ff66dd6b21a RtlCaptureContext RtlLookupFunctionEntry 16193->16194 16195 7ff66dd6b28a IsDebuggerPresent 
SetUnhandledExceptionFilter UnhandledExceptionFilter 16194->16195 16196 7ff66dd6b254 RtlVirtualUnwind 16194->16196 16197 7ff66dd6b2dc _wfindfirst32i64 16195->16197 16196->16195 16200 7ff66dd5be00 16197->16200 16201 7ff66dd5be09 16200->16201 16202 7ff66dd5be14 GetCurrentProcess TerminateProcess 16201->16202 16203 7ff66dd5be60 IsProcessorFeaturePresent 16201->16203 16204 7ff66dd5be78 16203->16204 16209 7ff66dd5c054 RtlCaptureContext 16204->16209 16210 7ff66dd5c06e RtlLookupFunctionEntry 16209->16210 16211 7ff66dd5be8b 16210->16211 16212 7ff66dd5c084 RtlVirtualUnwind 16210->16212 16213 7ff66dd5be20 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16211->16213 16212->16210 16212->16211 19800 7ff66dd72300 19811 7ff66dd78294 19800->19811 19812 7ff66dd782a1 19811->19812 19813 7ff66dd6b4ec __free_lconv_num 11 API calls 19812->19813 19814 7ff66dd782bd 19812->19814 19813->19812 19815 7ff66dd6b4ec __free_lconv_num 11 API calls 19814->19815 19816 7ff66dd72309 19814->19816 19815->19814 19817 7ff66dd71298 EnterCriticalSection 19816->19817 20783 7ff66dd6bb70 20784 7ff66dd6bb75 20783->20784 20785 7ff66dd6bb8a 20783->20785 20789 7ff66dd6bb90 20784->20789 20790 7ff66dd6bbd2 20789->20790 20791 7ff66dd6bbda 20789->20791 20792 7ff66dd6b4ec __free_lconv_num 11 API calls 20790->20792 20793 7ff66dd6b4ec __free_lconv_num 11 API calls 20791->20793 20792->20791 20794 7ff66dd6bbe7 20793->20794 20795 7ff66dd6b4ec __free_lconv_num 11 API calls 20794->20795 20796 7ff66dd6bbf4 20795->20796 20797 7ff66dd6b4ec __free_lconv_num 11 API calls 20796->20797 20798 7ff66dd6bc01 20797->20798 20799 7ff66dd6b4ec __free_lconv_num 11 API calls 20798->20799 20800 7ff66dd6bc0e 20799->20800 20801 7ff66dd6b4ec __free_lconv_num 11 API calls 20800->20801 20802 7ff66dd6bc1b 20801->20802 20803 7ff66dd6b4ec __free_lconv_num 11 API calls 20802->20803 20804 7ff66dd6bc28 20803->20804 20805 7ff66dd6b4ec __free_lconv_num 11 API calls 20804->20805 20806 7ff66dd6bc35 20805->20806 20807 
7ff66dd6b4ec __free_lconv_num 11 API calls 20806->20807 20808 7ff66dd6bc45 20807->20808 20809 7ff66dd6b4ec __free_lconv_num 11 API calls 20808->20809 20810 7ff66dd6bc55 20809->20810 20815 7ff66dd6ba38 20810->20815 20829 7ff66dd71298 EnterCriticalSection 20815->20829 19928 7ff66dd658f0 19929 7ff66dd658fb 19928->19929 19937 7ff66dd6fd44 19929->19937 19950 7ff66dd71298 EnterCriticalSection 19937->19950 16214 7ff66dd5c1bc 16235 7ff66dd5c38c 16214->16235 16217 7ff66dd5c308 16337 7ff66dd5c6ac IsProcessorFeaturePresent 16217->16337 16218 7ff66dd5c1d8 __scrt_acquire_startup_lock 16220 7ff66dd5c312 16218->16220 16222 7ff66dd5c1f6 __scrt_release_startup_lock 16218->16222 16221 7ff66dd5c6ac 7 API calls 16220->16221 16224 7ff66dd5c31d __CxxCallCatchBlock 16221->16224 16223 7ff66dd5c21b 16222->16223 16225 7ff66dd5c2a1 16222->16225 16326 7ff66dd6a69c 16222->16326 16241 7ff66dd5c7f4 16225->16241 16227 7ff66dd5c2a6 16244 7ff66dd51000 16227->16244 16232 7ff66dd5c2c9 16232->16224 16333 7ff66dd5c510 16232->16333 16236 7ff66dd5c394 16235->16236 16237 7ff66dd5c3a0 __scrt_dllmain_crt_thread_attach 16236->16237 16238 7ff66dd5c1d0 16237->16238 16239 7ff66dd5c3ad 16237->16239 16238->16217 16238->16218 16239->16238 16344 7ff66dd5cfb0 16239->16344 16371 7ff66dd7b380 16241->16371 16243 7ff66dd5c80b GetStartupInfoW 16243->16227 16245 7ff66dd5100b 16244->16245 16373 7ff66dd587a0 16245->16373 16247 7ff66dd5101d 16380 7ff66dd664d8 16247->16380 16249 7ff66dd539ab 16387 7ff66dd51ea0 16249->16387 16253 7ff66dd5be00 _wfindfirst32i64 8 API calls 16254 7ff66dd53b73 16253->16254 16331 7ff66dd5c838 GetModuleHandleW 16254->16331 16255 7ff66dd539ca 16319 7ff66dd53ab2 16255->16319 16403 7ff66dd57b60 16255->16403 16257 7ff66dd539ff 16258 7ff66dd53a4b 16257->16258 16260 7ff66dd57b60 61 API calls 16257->16260 16418 7ff66dd58040 16258->16418 16264 7ff66dd53a20 __vcrt_freefls 16260->16264 16261 7ff66dd53a60 16422 7ff66dd51ca0 16261->16422 16264->16258 16268 7ff66dd58040 58 API calls 16264->16268 16265 
7ff66dd53b2d 16266 7ff66dd53b8d 16265->16266 16477 7ff66dd58970 16265->16477 16270 7ff66dd53bdb 16266->16270 16266->16319 16501 7ff66dd58bd0 16266->16501 16267 7ff66dd51ca0 121 API calls 16269 7ff66dd53a96 16267->16269 16268->16258 16273 7ff66dd53a9a 16269->16273 16274 7ff66dd53ab7 16269->16274 16515 7ff66dd56de0 16270->16515 16441 7ff66dd52b10 16273->16441 16274->16265 16454 7ff66dd53fc0 16274->16454 16276 7ff66dd53bc0 16280 7ff66dd53b53 16276->16280 16281 7ff66dd53bce SetDllDirectoryW 16276->16281 16286 7ff66dd52b10 59 API calls 16280->16286 16281->16270 16285 7ff66dd53ad5 16292 7ff66dd52b10 59 API calls 16285->16292 16286->16319 16289 7ff66dd53bf5 16315 7ff66dd53c27 16289->16315 16528 7ff66dd565f0 16289->16528 16290 7ff66dd53b03 16290->16265 16293 7ff66dd53b08 16290->16293 16291 7ff66dd53ce6 16608 7ff66dd534a0 16291->16608 16292->16319 16473 7ff66dd6076c 16293->16473 16299 7ff66dd53cfb 16615 7ff66dd58940 LocalFree 16299->16615 16300 7ff66dd53c46 16306 7ff66dd53c88 16300->16306 16570 7ff66dd51ee0 16300->16570 16301 7ff66dd53c29 16564 7ff66dd56840 16301->16564 16306->16319 16574 7ff66dd53440 16306->16574 16308 7ff66dd53d00 16616 7ff66dd57fd0 16308->16616 16313 7ff66dd53d13 16316 7ff66dd57b60 61 API calls 16313->16316 16314 7ff66dd53cc1 16318 7ff66dd56840 FreeLibrary 16314->16318 16315->16291 16315->16300 16317 7ff66dd53d1f 16316->16317 16623 7ff66dd58080 16317->16623 16318->16319 16319->16253 16327 7ff66dd6a6d4 16326->16327 16328 7ff66dd6a6b3 16326->16328 19133 7ff66dd6af48 16327->19133 16328->16225 16332 7ff66dd5c849 16331->16332 16332->16232 16334 7ff66dd5c521 16333->16334 16335 7ff66dd5c2e0 16334->16335 16336 7ff66dd5cfb0 7 API calls 16334->16336 16335->16223 16336->16335 16338 7ff66dd5c6d2 _wfindfirst32i64 memcpy_s 16337->16338 16339 7ff66dd5c6f1 RtlCaptureContext RtlLookupFunctionEntry 16338->16339 16340 7ff66dd5c71a RtlVirtualUnwind 16339->16340 16341 7ff66dd5c756 memcpy_s 16339->16341 16340->16341 16342 7ff66dd5c788 IsDebuggerPresent 
SetUnhandledExceptionFilter UnhandledExceptionFilter 16341->16342 16343 7ff66dd5c7d6 _wfindfirst32i64 16342->16343 16343->16220 16345 7ff66dd5cfb8 16344->16345 16346 7ff66dd5cfc2 16344->16346 16350 7ff66dd5d354 16345->16350 16346->16238 16351 7ff66dd5d363 16350->16351 16352 7ff66dd5cfbd 16350->16352 16358 7ff66dd5e350 16351->16358 16354 7ff66dd5d3c0 16352->16354 16355 7ff66dd5d3eb 16354->16355 16356 7ff66dd5d3ef 16355->16356 16357 7ff66dd5d3ce DeleteCriticalSection 16355->16357 16356->16346 16357->16355 16362 7ff66dd5e1b8 16358->16362 16363 7ff66dd5e2a2 TlsFree 16362->16363 16369 7ff66dd5e1fc __vcrt_FlsAlloc 16362->16369 16364 7ff66dd5e22a LoadLibraryExW 16366 7ff66dd5e24b GetLastError 16364->16366 16367 7ff66dd5e2c9 16364->16367 16365 7ff66dd5e2e9 GetProcAddress 16365->16363 16366->16369 16367->16365 16368 7ff66dd5e2e0 FreeLibrary 16367->16368 16368->16365 16369->16363 16369->16364 16369->16365 16370 7ff66dd5e26d LoadLibraryExW 16369->16370 16370->16367 16370->16369 16372 7ff66dd7b370 16371->16372 16372->16243 16372->16372 16375 7ff66dd587bf 16373->16375 16374 7ff66dd58810 WideCharToMultiByte 16374->16375 16378 7ff66dd588b6 16374->16378 16375->16374 16377 7ff66dd58864 WideCharToMultiByte 16375->16377 16375->16378 16379 7ff66dd587c7 __vcrt_freefls 16375->16379 16377->16375 16377->16378 16660 7ff66dd529c0 16378->16660 16379->16247 16383 7ff66dd70630 16380->16383 16381 7ff66dd70683 16382 7ff66dd6b3b8 _invalid_parameter_noinfo 37 API calls 16381->16382 16386 7ff66dd706ac 16382->16386 16383->16381 16384 7ff66dd706d6 16383->16384 17059 7ff66dd70508 16384->17059 16386->16249 16388 7ff66dd51eb5 16387->16388 16389 7ff66dd51ed0 16388->16389 17067 7ff66dd52870 16388->17067 16389->16319 16391 7ff66dd53eb0 16389->16391 16392 7ff66dd5bda0 16391->16392 16393 7ff66dd53ebc GetModuleFileNameW 16392->16393 16394 7ff66dd53eeb 16393->16394 16395 7ff66dd53f02 16393->16395 16396 7ff66dd529c0 57 API calls 16394->16396 17107 7ff66dd58ce0 16395->17107 16398 7ff66dd53efe 16396->16398 16401 
7ff66dd5be00 _wfindfirst32i64 8 API calls 16398->16401 16400 7ff66dd52b10 59 API calls 16400->16398 16402 7ff66dd53f3f 16401->16402 16402->16255 16404 7ff66dd57b6a 16403->16404 16405 7ff66dd58bd0 57 API calls 16404->16405 16406 7ff66dd57b8c GetEnvironmentVariableW 16405->16406 16407 7ff66dd57bf6 16406->16407 16408 7ff66dd57ba4 ExpandEnvironmentStringsW 16406->16408 16409 7ff66dd5be00 _wfindfirst32i64 8 API calls 16407->16409 16410 7ff66dd58ce0 59 API calls 16408->16410 16411 7ff66dd57c08 16409->16411 16412 7ff66dd57bcc 16410->16412 16411->16257 16412->16407 16413 7ff66dd57bd6 16412->16413 17118 7ff66dd6af7c 16413->17118 16416 7ff66dd5be00 _wfindfirst32i64 8 API calls 16417 7ff66dd57bee 16416->16417 16417->16257 16419 7ff66dd58bd0 57 API calls 16418->16419 16420 7ff66dd58057 SetEnvironmentVariableW 16419->16420 16421 7ff66dd5806f __vcrt_freefls 16420->16421 16421->16261 16423 7ff66dd51cae 16422->16423 16424 7ff66dd51ee0 49 API calls 16423->16424 16425 7ff66dd51ce4 16424->16425 16426 7ff66dd51dce 16425->16426 16427 7ff66dd51ee0 49 API calls 16425->16427 16428 7ff66dd5be00 _wfindfirst32i64 8 API calls 16426->16428 16429 7ff66dd51d0a 16427->16429 16430 7ff66dd51e5c 16428->16430 16429->16426 17125 7ff66dd51a90 16429->17125 16430->16265 16430->16267 16434 7ff66dd51dbc 16435 7ff66dd53e30 49 API calls 16434->16435 16435->16426 16436 7ff66dd51d7f 16436->16434 16437 7ff66dd51e24 16436->16437 16438 7ff66dd53e30 49 API calls 16437->16438 16439 7ff66dd51e31 16438->16439 17161 7ff66dd54040 16439->17161 16442 7ff66dd52b30 16441->16442 16443 7ff66dd650a4 49 API calls 16442->16443 16444 7ff66dd52b7b memcpy_s 16443->16444 16445 7ff66dd58bd0 57 API calls 16444->16445 16446 7ff66dd52bb0 16445->16446 16447 7ff66dd52bed MessageBoxA 16446->16447 16448 7ff66dd52bb5 16446->16448 16450 7ff66dd52c07 16447->16450 16449 7ff66dd58bd0 57 API calls 16448->16449 16451 7ff66dd52bcf MessageBoxW 16449->16451 16452 7ff66dd5be00 _wfindfirst32i64 8 API calls 16450->16452 16451->16450 16453 7ff66dd52c17 
API calls 18328->18330 18329->18322 18330->18325 18331->18308 18336 7ff66dd57c20 18335->18336 18337 7ff66dd51ee0 49 API calls 18336->18337 18338 7ff66dd57c61 18337->18338 18339 7ff66dd53f50 57 API calls 18338->18339 18353 7ff66dd57ce1 18338->18353 18343 7ff66dd57c72 18339->18343 18340 7ff66dd5be00 _wfindfirst32i64 8 API calls 18341 7ff66dd51775 18340->18341 18341->18250 18341->18251 18342 7ff66dd57d1b 18344 7ff66dd577c0 64 API calls 18342->18344 18343->18342 18345 7ff66dd57b60 61 API calls 18343->18345 18350 7ff66dd57c92 __vcrt_freefls 18343->18350 18346 7ff66dd57d26 18344->18346 18345->18350 18352 7ff66dd53fc0 116 API calls 18346->18352 18346->18353 18347 7ff66dd57d04 18349 7ff66dd52c30 59 API calls 18347->18349 18348 7ff66dd57cd0 18351 7ff66dd52c30 59 API calls 18348->18351 18349->18342 18350->18347 18350->18348 18351->18353 18352->18353 18353->18340 18419 7ff66dd58bd0 57 API calls 18418->18419 18420 7ff66dd58277 LoadLibraryExW 18419->18420 18421 7ff66dd58294 __vcrt_freefls 18420->18421 18421->16550 18423 7ff66dd56f3c GetProcAddress 18422->18423 18424 7ff66dd56f19 18422->18424 18423->18424 18481->16567 18482->16565 18484 7ff66dd55bd0 18483->18484 18485 7ff66dd51ee0 49 API calls 18484->18485 18486 7ff66dd55c02 18485->18486 18487 7ff66dd55c0b 18486->18487 18490 7ff66dd55c2b 18486->18490 18488 7ff66dd52b10 59 API calls 18487->18488 18492 7ff66dd55c21 18488->18492 18489 7ff66dd55c82 18491 7ff66dd54040 49 API calls 18489->18491 18490->18489 18493 7ff66dd54040 49 API calls 18490->18493 18494 7ff66dd55c9b 18491->18494 18496 7ff66dd5be00 _wfindfirst32i64 8 API calls 18492->18496 18495 7ff66dd55c4c 18493->18495 18497 7ff66dd55cb9 18494->18497 18501 7ff66dd52b10 59 API calls 18494->18501 18498 7ff66dd55c6a 18495->18498 18503 7ff66dd52b10 59 API calls 18495->18503 18500 7ff66dd5344e 18496->18500 18502 7ff66dd58260 58 API calls 18497->18502 18499 7ff66dd53f50 57 API calls 18498->18499 18504 7ff66dd55c74 18499->18504 18500->16577 18511 7ff66dd55d20 18500->18511 18501->18497 
18505 7ff66dd55cc6 18502->18505 18503->18498 18504->18489 18509 7ff66dd58260 58 API calls 18504->18509 18506 7ff66dd55ccb 18505->18506 18507 7ff66dd55ced 18505->18507 18510 7ff66dd529c0 57 API calls 18506->18510 18581 7ff66dd551e0 GetProcAddress 18507->18581 18509->18489 18510->18492 18665 7ff66dd54de0 18511->18665 18513 7ff66dd55d44 18514 7ff66dd55d4c 18513->18514 18515 7ff66dd55d5d 18513->18515 18516 7ff66dd52b10 59 API calls 18514->18516 18672 7ff66dd54520 18515->18672 18522 7ff66dd55d58 18516->18522 18522->16579 18582 7ff66dd55220 GetProcAddress 18581->18582 18591 7ff66dd55202 18581->18591 18583 7ff66dd55245 GetProcAddress 18582->18583 18582->18591 18584 7ff66dd5526a GetProcAddress 18583->18584 18583->18591 18586 7ff66dd55292 GetProcAddress 18584->18586 18584->18591 18585 7ff66dd529c0 57 API calls 18587 7ff66dd55215 18585->18587 18588 7ff66dd552ba GetProcAddress 18586->18588 18586->18591 18587->18492 18588->18591 18591->18585 18667 7ff66dd54e05 18665->18667 18666 7ff66dd54e0d 18666->18513 18667->18666 18670 7ff66dd54f9f 18667->18670 18707 7ff66dd67598 18667->18707 18668 7ff66dd5514a __vcrt_freefls 18668->18513 18669 7ff66dd54240 47 API calls 18669->18670 18670->18668 18670->18669 18673 7ff66dd54550 18672->18673 18708 7ff66dd675c8 18707->18708 18711 7ff66dd66a94 18708->18711 18712 7ff66dd66ad7 18711->18712 18713 7ff66dd66ac5 18711->18713 18714 7ff66dd66b21 18712->18714 18716 7ff66dd66ae4 18712->18716 18715 7ff66dd65aa4 _set_fmode 11 API calls 18713->18715 18717 7ff66dd66b3c 18714->18717 18721 7ff66dd64ee0 45 API calls 18714->18721 18718 7ff66dd66aca 18715->18718 18720 7ff66dd6b3b8 _invalid_parameter_noinfo 37 API calls 18716->18720 18721->18717 18807 7ff66dd52d66 18806->18807 18808 7ff66dd51ee0 49 API calls 18807->18808 18809 7ff66dd52d99 18808->18809 18810 7ff66dd53e30 49 API calls 18809->18810 18837 7ff66dd530ca 18809->18837 18811 7ff66dd52e07 18810->18811 18812 7ff66dd53e30 49 API calls 18811->18812 18813 7ff66dd52e18 18812->18813 18814 7ff66dd52e39 
18813->18814 18815 7ff66dd52e75 18813->18815 18857 7ff66dd53190 18814->18857 18816 7ff66dd53190 75 API calls 18815->18816 18818 7ff66dd52e73 18816->18818 18819 7ff66dd52ef6 18818->18819 18820 7ff66dd52eb4 18818->18820 18822 7ff66dd53190 75 API calls 18819->18822 18865 7ff66dd575a0 18820->18865 18824 7ff66dd52f20 18822->18824 18828 7ff66dd53190 75 API calls 18824->18828 18834 7ff66dd52fbc 18824->18834 18830 7ff66dd52f52 18828->18830 18830->18834 18835 7ff66dd53190 75 API calls 18830->18835 18831 7ff66dd51ea0 59 API calls 18832 7ff66dd5300f 18831->18832 18832->18837 18839 7ff66dd51ee0 49 API calls 18832->18839 18834->18831 18850 7ff66dd530cf 18834->18850 18838 7ff66dd52f80 18835->18838 18838->18834 18847 7ff66dd65650 45 API calls 18847->18850 18848 7ff66dd53128 18850->18847 18850->18848 18858 7ff66dd531c4 18857->18858 18859 7ff66dd650a4 49 API calls 18858->18859 18860 7ff66dd531ea 18859->18860 18861 7ff66dd531fb 18860->18861 18902 7ff66dd663cc 18860->18902 18863 7ff66dd5be00 _wfindfirst32i64 8 API calls 18861->18863 18864 7ff66dd53219 18863->18864 18864->18818 18866 7ff66dd575ae 18865->18866 18867 7ff66dd53fc0 116 API calls 18866->18867 18868 7ff66dd575dd 18867->18868 18869 7ff66dd51ee0 49 API calls 18868->18869 18903 7ff66dd663e9 18902->18903 18904 7ff66dd663f5 18902->18904 18919 7ff66dd65ce0 18903->18919 18906 7ff66dd65578 45 API calls 18904->18906 18908 7ff66dd6641d 18906->18908 18911 7ff66dd6642d 18908->18911 18943 7ff66dd6f9c4 18908->18943 18920 7ff66dd65cfa 18919->18920 18921 7ff66dd65d17 18919->18921 18921->18920 19134 7ff66dd6bcf0 __CxxCallCatchBlock 45 API calls 19133->19134 19135 7ff66dd6af51 19134->19135 19136 7ff66dd6b07c __CxxCallCatchBlock 45 API calls 19135->19136 19137 7ff66dd6af71 19136->19137 20022 7ff66dd6d0c0 20033 7ff66dd71298 EnterCriticalSection 20022->20033 20034 7ff66dd6a8c0 20037 7ff66dd6a83c 20034->20037 20044 7ff66dd71298 EnterCriticalSection 20037->20044 20045 7ff66dd702cc 20046 7ff66dd704be 20045->20046 20048 7ff66dd7030e _isindst 
20045->20048 20047 7ff66dd65aa4 _set_fmode 11 API calls 20046->20047 20065 7ff66dd704ae 20047->20065 20048->20046 20051 7ff66dd7038e _isindst 20048->20051 20049 7ff66dd5be00 _wfindfirst32i64 8 API calls 20050 7ff66dd704d9 20049->20050 20066 7ff66dd76ee4 20051->20066 20056 7ff66dd704ea 20058 7ff66dd6b4a4 _wfindfirst32i64 17 API calls 20056->20058 20060 7ff66dd704fe 20058->20060 20063 7ff66dd703eb 20063->20065 20090 7ff66dd76f28 20063->20090 20065->20049 20067 7ff66dd76ef3 20066->20067 20070 7ff66dd703ac 20066->20070 20097 7ff66dd71298 EnterCriticalSection 20067->20097 20072 7ff66dd762e8 20070->20072 20073 7ff66dd703c1 20072->20073 20074 7ff66dd762f1 20072->20074 20073->20056 20078 7ff66dd76318 20073->20078 20075 7ff66dd65aa4 _set_fmode 11 API calls 20074->20075 20076 7ff66dd762f6 20075->20076 20077 7ff66dd6b484 _invalid_parameter_noinfo 37 API calls 20076->20077 20077->20073 20079 7ff66dd703d2 20078->20079 20080 7ff66dd76321 20078->20080 20079->20056 20084 7ff66dd76348 20079->20084 20081 7ff66dd65aa4 _set_fmode 11 API calls 20080->20081 20082 7ff66dd76326 20081->20082 20083 7ff66dd6b484 _invalid_parameter_noinfo 37 API calls 20082->20083 20083->20079 20085 7ff66dd703e3 20084->20085 20086 7ff66dd76351 20084->20086 20085->20056 20085->20063 20087 7ff66dd65aa4 _set_fmode 11 API calls 20086->20087 20088 7ff66dd76356 20087->20088 20089 7ff66dd6b484 _invalid_parameter_noinfo 37 API calls 20088->20089 20089->20085 20098 7ff66dd71298 EnterCriticalSection 20090->20098 19138 7ff66dd6a4d1 19139 7ff66dd6af48 45 API calls 19138->19139 19140 7ff66dd6a4d6 19139->19140 19141 7ff66dd6a4fd GetModuleHandleW 19140->19141 19142 7ff66dd6a547 19140->19142 19141->19142 19143 7ff66dd6a50a 19141->19143 19150 7ff66dd6a3d4 19142->19150 19143->19142 19164 7ff66dd6a5f8 GetModuleHandleExW 19143->19164 19170 7ff66dd71298 EnterCriticalSection 19150->19170 19165 7ff66dd6a62c GetProcAddress 19164->19165 19166 7ff66dd6a655 19164->19166 19169 7ff66dd6a63e 19165->19169 19167 7ff66dd6a65a FreeLibrary 
19166->19167 19168 7ff66dd6a661 19166->19168 19167->19168 19168->19142 19169->19166 20103 7ff66dd5c0d0 20104 7ff66dd5c0e0 20103->20104 20120 7ff66dd6a718 20104->20120 20106 7ff66dd5c0ec 20126 7ff66dd5c3c8 20106->20126 20108 7ff66dd5c6ac 7 API calls 20110 7ff66dd5c185 20108->20110 20109 7ff66dd5c104 _RTC_Initialize 20118 7ff66dd5c159 20109->20118 20131 7ff66dd5c578 20109->20131 20112 7ff66dd5c119 20134 7ff66dd69b84 20112->20134 20118->20108 20119 7ff66dd5c175 20118->20119 20121 7ff66dd6a729 20120->20121 20122 7ff66dd6a731 20121->20122 20123 7ff66dd65aa4 _set_fmode 11 API calls 20121->20123 20122->20106 20124 7ff66dd6a740 20123->20124 20125 7ff66dd6b484 _invalid_parameter_noinfo 37 API calls 20124->20125 20125->20122 20127 7ff66dd5c3d9 20126->20127 20130 7ff66dd5c3de __scrt_release_startup_lock 20126->20130 20128 7ff66dd5c6ac 7 API calls 20127->20128 20127->20130 20129 7ff66dd5c452 20128->20129 20130->20109 20159 7ff66dd5c53c 20131->20159 20133 7ff66dd5c581 20133->20112 20135 7ff66dd69ba4 20134->20135 20149 7ff66dd5c125 20134->20149 20136 7ff66dd69bac 20135->20136 20137 7ff66dd69bc2 GetModuleFileNameW 20135->20137 20138 7ff66dd65aa4 _set_fmode 11 API calls 20136->20138 20141 7ff66dd69bed 20137->20141 20139 7ff66dd69bb1 20138->20139 20140 7ff66dd6b484 _invalid_parameter_noinfo 37 API calls 20139->20140 20140->20149 20142 7ff66dd69b24 11 API calls 20141->20142 20143 7ff66dd69c2d 20142->20143 20144 7ff66dd69c35 20143->20144 20148 7ff66dd69c4d 20143->20148 20145 7ff66dd65aa4 _set_fmode 11 API calls 20144->20145 20146 7ff66dd69c3a 20145->20146 20147 7ff66dd6b4ec __free_lconv_num 11 API calls 20146->20147 20147->20149 20151 7ff66dd69c9b 20148->20151 20152 7ff66dd69cb4 20148->20152 20156 7ff66dd69c6f 20148->20156 20149->20118 20158 7ff66dd5c64c InitializeSListHead 20149->20158 20150 7ff66dd6b4ec __free_lconv_num 11 API calls 20150->20149 20153 7ff66dd6b4ec __free_lconv_num 11 API calls 20151->20153 20154 7ff66dd6b4ec __free_lconv_num 11 API calls 20152->20154 20155 
7ff66dd69ca4 20153->20155 20154->20156 20157 7ff66dd6b4ec __free_lconv_num 11 API calls 20155->20157 20156->20150 20157->20149 20160 7ff66dd5c556 20159->20160 20162 7ff66dd5c54f 20159->20162 20163 7ff66dd6ad5c 20160->20163 20162->20133 20166 7ff66dd6a998 20163->20166 20173 7ff66dd71298 EnterCriticalSection 20166->20173

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
    • String ID:
    • API String ID: 1617910340-0
    • Opcode ID: ebe04baee35d04197a335186ba8f0519e297a15ab634c4b8ae388dbdf22bacec
    • Instruction ID: 417eccdff977bcbe709dac73c51264ee56b5c9513ece38d9b2c65a70e5c2ba88
    • Opcode Fuzzy Hash: ebe04baee35d04197a335186ba8f0519e297a15ab634c4b8ae388dbdf22bacec
    • Instruction Fuzzy Hash: 5DC1AF32B24A42E5EB10EF69C4906AC3771EB49B98F050735DA1E9B3D5EF38E555C340
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: _fread_nolock$Message
    • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
    • API String ID: 677216364-1384898525
    • Opcode ID: 6dcb471c20a695c8c3338c61758bdfdb2c89e06d090f1080b8e13a62910c7b18
    • Instruction ID: 35d73796af3b5ff5818258b2cf99f45c3a8796f2336833b4c5e1ef8204504585
    • Opcode Fuzzy Hash: 6dcb471c20a695c8c3338c61758bdfdb2c89e06d090f1080b8e13a62910c7b18
    • Instruction Fuzzy Hash: 30514A71A09642C6EB24EF29E5501BC77B0EF48B88F558636DA0DCB795EE3CE444CB44
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
      • Part of subcall function 00007FF66DD53EB0: GetModuleFileNameW.KERNEL32(?,00007FF66DD539CA), ref: 00007FF66DD53EE1
    • SetDllDirectoryW.KERNEL32 ref: 00007FF66DD53BD5
      • Part of subcall function 00007FF66DD57B60: GetEnvironmentVariableW.KERNEL32(00007FF66DD539FF), ref: 00007FF66DD57B9A
      • Part of subcall function 00007FF66DD57B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF66DD57BB7
    Strings
    Similarity
    • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
    • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
    • API String ID: 2344891160-1544818733
    • Opcode ID: 96931881d18b0330ea34091d7b5263f0145edfa0e674df194285457188caea9b
    • Instruction ID: 309229d29f3f797e6a2880781eeb06bf98aa79e842017d64844620932eecb149
    • Opcode Fuzzy Hash: 96931881d18b0330ea34091d7b5263f0145edfa0e674df194285457188caea9b
    • Instruction Fuzzy Hash: 03B14731A1C682D1EE25BB25D8512BD62B1FF94784F840336EA5DCF69AFE2CF5058740
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: c279c688e5b0889b49cc882017481efc371aace171ab011e23a17b81497fd1df
    • Instruction ID: a12baf0b6329f7fb7ab591ec8f8d5262a97079a576c06fc9bcd16604038de666
    • Opcode Fuzzy Hash: c279c688e5b0889b49cc882017481efc371aace171ab011e23a17b81497fd1df
    • Instruction Fuzzy Hash: 2DC1B422A086C6D5EB60AB5A94442BD3B75EF80B80F554331EA4D8F796EF7DE84583C0
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Strings
    Similarity
    • API ID: Message$ByteCharMultiWide
    • String ID: Fatal error detected
    • API String ID: 1878133881-4025702859
    • Opcode ID: b6f7d9423fd809a91d1653bcdf9902987ab7b8a697f00e322c081d77e498ae58
    • Instruction ID: 4ef842833c8982f296a1506ab4a7b8714b479f74130dca5ed65d37dfb6278bd6
    • Opcode Fuzzy Hash: b6f7d9423fd809a91d1653bcdf9902987ab7b8a697f00e322c081d77e498ae58
    • Instruction Fuzzy Hash: 9B217972628685D1EB30EB14F4516EA7374FF84788F805235E68D8BA99EF3CE215C740
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
    • String ID:
    • API String ID: 3251591375-0
    • Opcode ID: 6f7f5303e9b22c034abd0ab4f6e45a615f00bbc4bee0f7f82c8393816be5d00e
    • Instruction ID: 08c906dded9488b375945e7c79f253fd8cb7594d4cabfc1955f0200bbebd9839
    • Opcode Fuzzy Hash: 6f7f5303e9b22c034abd0ab4f6e45a615f00bbc4bee0f7f82c8393816be5d00e
    • Instruction Fuzzy Hash: 0B312830A0C643C6FA24BBA994627B923B1DF51784F485635D94ECF2E3FE2DB4048340
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Similarity
    • API ID: Process$CurrentExitTerminate
    • String ID:
    • API String ID: 1703294689-0
    • Opcode ID: 4ba61a3cc0556e7c92b6fc1e72a638e9c9ea62dc27ce852986ab15971a897a88
    • Instruction ID: b70c9fcff17a8875374ae9f6fb84f803a87e1cc8326fa7d8552b472355d04979
    • Opcode Fuzzy Hash: 4ba61a3cc0556e7c92b6fc1e72a638e9c9ea62dc27ce852986ab15971a897a88
    • Instruction Fuzzy Hash: 48D09E20B08692D6EA147B76585947C23715F49741F10267CD85F9E393FD3CB84D4380
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 8ce18104659cefce8bbb9575f08fa5332ecac4dfb73f1cb09f1d3f805200cb2f
    • Instruction ID: fb09ba4922a2294e032bd273817128c238f0bc1d670eb497a4054d1ef4d67741
    • Opcode Fuzzy Hash: 8ce18104659cefce8bbb9575f08fa5332ecac4dfb73f1cb09f1d3f805200cb2f
    • Instruction Fuzzy Hash: 4751B661B096C1C5F624BA27940067E76A1BF44BE4F184735EDAD8F7C9EE3CE4418780
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF66DD6B579,?,?,00000000,00007FF66DD6B62E), ref: 00007FF66DD6B76A
    • GetLastError.KERNEL32(?,?,?,00007FF66DD6B579,?,?,00000000,00007FF66DD6B62E), ref: 00007FF66DD6B774
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ChangeCloseErrorFindLastNotification
    • String ID:
    • API String ID: 1687624791-0
    • Opcode ID: e3b73f063bb60367d817196ec2a4f8f6eb52bee7e7896c4ceb0739ce7562b917
    • Instruction ID: 20999f028cfc73408f65fd396e111de1bb1c31bb23adebd7fbd7b427c91bdfb8
    • Opcode Fuzzy Hash: e3b73f063bb60367d817196ec2a4f8f6eb52bee7e7896c4ceb0739ce7562b917
    • Instruction Fuzzy Hash: 06219611B187C2C1FE50B766959027D32A25F447A0F094335EA2DCF3D6FE6CE4948380
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ErrorFileLastPointer
    • String ID:
    • API String ID: 2976181284-0
    • Opcode ID: 62a26f8d1512d31d847f2a475d98554d5a752059faf1bb854899a2cf804e20f8
    • Instruction ID: 1cd425afb5491abf89596a2a46b6933ae2894e51f93cf6528e1c679f1f6665aa
    • Opcode Fuzzy Hash: 62a26f8d1512d31d847f2a475d98554d5a752059faf1bb854899a2cf804e20f8
    • Instruction Fuzzy Hash: E6118261708A81C1DA10AB2AE44416D7B71AB85BF4F544331EA7D8B7D9EE7CD4508780
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 9bd69e230f0d3b0e5758ab1338c67e81032152045ba6d69f05b41d5745cc01d1
    • Instruction ID: afaeafa8cb484209ab3eb74311b1eb5ccb34434d6b1fcc03213a94dd7a5bcf7b
    • Opcode Fuzzy Hash: 9bd69e230f0d3b0e5758ab1338c67e81032152045ba6d69f05b41d5745cc01d1
    • Instruction Fuzzy Hash: 95417F32A08681C7EE34EA2EA54117D77B0EB56B95F141331E68ECA6D1EF2CF4428791
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _fread_nolock
    • String ID:
    • API String ID: 840049012-0
    • Opcode ID: dd25f11f42851f3553b9b6eda5e148bc6a7380405693cde1455446072bdc424b
    • Instruction ID: 984c40c1c549b52944d4dabb4311d8b8c360e6fb4055c9c655bdb19472a626fa
    • Opcode Fuzzy Hash: dd25f11f42851f3553b9b6eda5e148bc6a7380405693cde1455446072bdc424b
    • Instruction Fuzzy Hash: 4A218D31B18292C6FA50BA13A9047BAA661FF45BD4F885530EE4D8F786EE3CE0458740
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 4f0cf036759396bee00a5ffdbac8b9ba3dd48d89bd34ec8e772c9ccb7d351480
    • Instruction ID: 519521f2661fe36f4fc74b3e6ebb9aa0d33baf2b7f22e2e90e6fcd58b3c99fa8
    • Opcode Fuzzy Hash: 4f0cf036759396bee00a5ffdbac8b9ba3dd48d89bd34ec8e772c9ccb7d351480
    • Instruction Fuzzy Hash: 4F315C71A18682C6EA25BB5A884137C3A74AF84B94F414335EA5D8F3D2FE7CF4818791
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: HandleModule$AddressFreeLibraryProc
    • String ID:
    • API String ID: 3947729631-0
    • Opcode ID: 1e818ce3d7a60ac953b6edb356e5c611bf03bd3223dab8e8a1ec707a6cadd3f1
    • Instruction ID: 908e3b21572fbd5bee7c5937bd7fdf71f20d0236ac6f4f595b109224a7aa48c2
    • Opcode Fuzzy Hash: 1e818ce3d7a60ac953b6edb356e5c611bf03bd3223dab8e8a1ec707a6cadd3f1
    • Instruction Fuzzy Hash: AA217C72A04792CAEB24EF65C440AAC33B0EB04718F441736D79C8AAC5FF38D584CB80
    Uniqueness

    Uniqueness Score: -1.00%

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
    • Instruction ID: f60a80555d486304560c4425fabef9fbcdb6cd612dc5517ac6ca364c23c0c0f1
    • Opcode Fuzzy Hash: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
    • Instruction Fuzzy Hash: 17114D21A1C6C2C1EA60BF52940127DB3B4AF85B84F154672FA8C8F68AEF3DE54087C0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 5a2fd61d2380c2417d5794f115bbf4a656e75441d4a409d8b240f29f696bd49a
    • Instruction ID: 0898289e7de12c33cfb50720aeead139ce27069719f6b6eb6d1ca07f7796dcac
    • Opcode Fuzzy Hash: 5a2fd61d2380c2417d5794f115bbf4a656e75441d4a409d8b240f29f696bd49a
    • Instruction Fuzzy Hash: 9C219532E18A81F6DB61AF19D44077977B0EB84B54F244735EA6D8B6DAEF3DE4008B00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: f9b91d952c5f5bbb27c286856a89106101f2e0992174c8f8af0f54b7d3c9b46c
    • Instruction ID: d0e79cdd0c367dd7c7d2a6e59db4e8021ab9c8830e57cf8f3a8392564d8b8d03
    • Opcode Fuzzy Hash: f9b91d952c5f5bbb27c286856a89106101f2e0992174c8f8af0f54b7d3c9b46c
    • Instruction Fuzzy Hash: 68017021A0878180EA04AB57590007DB6B5AB85FE4F188731EE6C9BBDAEE3CE4418340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: AddressProc
    • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
    • API String ID: 190572456-2208601799
    • Opcode ID: d06a92813886bac4db22892db141582495630975dbcfbb846e36d04df9038670
    • Instruction ID: df1385bed10533ec1502250a4dd2a69df66956bba9eaf149fc1efa7e1ede3cff
    • Opcode Fuzzy Hash: d06a92813886bac4db22892db141582495630975dbcfbb846e36d04df9038670
    • Instruction Fuzzy Hash: F2E17165E4DB03F0FA65AB18EC501B863B5AF09794BA46775C80ECE6A4FF7CB5488340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
    • API String ID: 808467561-2761157908
    • Opcode ID: ee6ddb9c22397a02ef7f89c4ae9451cd5ee51806b236cf38c383584f5dc4b0f7
    • Instruction ID: 6d7355039455cf1f713075e28824309924139d6b890b9c22e6a474a8f3eeb27f
    • Opcode Fuzzy Hash: ee6ddb9c22397a02ef7f89c4ae9451cd5ee51806b236cf38c383584f5dc4b0f7
    • Instruction Fuzzy Hash: 76B2B072E18292DBE7659E64D440BFD37B1FB54388F505275DA0E9BA88EF38F9008B41
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetLastError.KERNEL32(00000000,00007FF66DD52A3E,?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD58587
    • FormatMessageW.KERNEL32 ref: 00007FF66DD585B6
    • WideCharToMultiByte.KERNEL32 ref: 00007FF66DD5860C
      • Part of subcall function 00007FF66DD529C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF66DD588E2,?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD529F4
      • Part of subcall function 00007FF66DD529C0: MessageBoxW.USER32 ref: 00007FF66DD52AD0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ErrorLastMessage$ByteCharFormatMultiWide
    • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
    • API String ID: 2920928814-2573406579
    • Opcode ID: 341253ed490ea0d4c0f2cc2c63e3841e2b0994626e2ed60ed720fa43fab6ebbb
    • Instruction ID: bdad204379dca7b3eb588a518e48bd9b236e80898e1f47dca20a1f91673afc38
    • Opcode Fuzzy Hash: 341253ed490ea0d4c0f2cc2c63e3841e2b0994626e2ed60ed720fa43fab6ebbb
    • Instruction Fuzzy Hash: 30213E71A18A43D6F760AB15E8542AA63B5FF88388F840235E64DCB6A5FF3CE545CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF66DD5153F), ref: 00007FF66DD579E7
      • Part of subcall function 00007FF66DD57B60: GetEnvironmentVariableW.KERNEL32(00007FF66DD539FF), ref: 00007FF66DD57B9A
      • Part of subcall function 00007FF66DD57B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF66DD57BB7
      • Part of subcall function 00007FF66DD683CC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF66DD683E5
    • SetEnvironmentVariableW.KERNEL32 ref: 00007FF66DD57AA1
      • Part of subcall function 00007FF66DD52B10: MessageBoxW.USER32 ref: 00007FF66DD52BE5
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
    • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
    • API String ID: 3752271684-1116378104
    • Opcode ID: b3ba5fb110bb78c08d96a576f6c74f520d24942c7ac6f285bbb95a8c69523cbf
    • Instruction ID: 93976315af1a0a025ef41444508f7992f8a496d2e9460ce8bb3bc66a38655034
    • Opcode Fuzzy Hash: b3ba5fb110bb78c08d96a576f6c74f520d24942c7ac6f285bbb95a8c69523cbf
    • Instruction Fuzzy Hash: 88514A21F09653E1FE14BA26A8152BE62619F85BC0F549635ED0ECF797FE2CF4418780
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
    • API String ID: 0-2665694366
    • Opcode ID: 212d86a86c8cb6d9fc903fcdabd382662a83ce4cb1445b9d6573bc2018cf14a4
    • Instruction ID: 7e15962447238efe2562ab4589014baeb2bdce33792d1a2c92b4ab07ce1c6378
    • Opcode Fuzzy Hash: 212d86a86c8cb6d9fc903fcdabd382662a83ce4cb1445b9d6573bc2018cf14a4
    • Instruction Fuzzy Hash: 1452D272A146B68BE7A49F14D458F7E3BB9FB44340F415239E64A8B780EF38E844CB50
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    • Opcode ID: f0495aeca64e737fa0ff218dd5454e1fd46196f668a698fc407bc1dcdf963f54
    • Instruction ID: ee45241a5c69fda9f0f32c363da9164278d0804bb328169f02e5f7fcbc03e735
    • Opcode Fuzzy Hash: f0495aeca64e737fa0ff218dd5454e1fd46196f668a698fc407bc1dcdf963f54
    • Instruction Fuzzy Hash: 1A312F72609B81DAEB60AF64E8407ED7374FB84744F44413ADA4E8BB95EF38D648C714
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _get_daylight.LIBCMT ref: 00007FF66DD76995
      • Part of subcall function 00007FF66DD762E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF66DD762FC
      • Part of subcall function 00007FF66DD6B4EC: HeapFree.KERNEL32(?,?,?,00007FF66DD73972,?,?,?,00007FF66DD739AF,?,?,00000000,00007FF66DD73E75,?,?,00000000,00007FF66DD73DA7), ref: 00007FF66DD6B502
      • Part of subcall function 00007FF66DD6B4EC: GetLastError.KERNEL32(?,?,?,00007FF66DD73972,?,?,?,00007FF66DD739AF,?,?,00000000,00007FF66DD73E75,?,?,00000000,00007FF66DD73DA7), ref: 00007FF66DD6B50C
      • Part of subcall function 00007FF66DD6B4A4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF66DD6B483,?,?,?,?,?,00007FF66DD636AC), ref: 00007FF66DD6B4AD
      • Part of subcall function 00007FF66DD6B4A4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF66DD6B483,?,?,?,?,?,00007FF66DD636AC), ref: 00007FF66DD6B4D2
    • _get_daylight.LIBCMT ref: 00007FF66DD76984
      • Part of subcall function 00007FF66DD76348: _invalid_parameter_noinfo.LIBCMT ref: 00007FF66DD7635C
    • _get_daylight.LIBCMT ref: 00007FF66DD76BFA
    • _get_daylight.LIBCMT ref: 00007FF66DD76C0B
    • _get_daylight.LIBCMT ref: 00007FF66DD76C1C
    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF66DD76E5C), ref: 00007FF66DD76C43
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
    • String ID:
    • API String ID: 4070488512-0
    • Opcode ID: 68b999f229cb279b771c9b6526825656b60bb96bc74b06700145a25f32af5fee
    • Instruction ID: 2fbf1bdc6e00496ccc14d81b2489497bf4053d8fc0beaac34466dc4fbc8571f1
    • Opcode Fuzzy Hash: 68b999f229cb279b771c9b6526825656b60bb96bc74b06700145a25f32af5fee
    • Instruction Fuzzy Hash: 4AD1A022A08252E6E7A0BF26D8515BD7771EF44784F858235EA4D8FA96FF3CF4418780
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: fd667905384e7d9d9673078d4bc89f495a5f33449598c9bf886212c96aaa5de2
    • Instruction ID: 4bb27533f1e69f046096a890513fa727abf4ee649e1dd348da236fc3f63d5d6d
    • Opcode Fuzzy Hash: fd667905384e7d9d9673078d4bc89f495a5f33449598c9bf886212c96aaa5de2
    • Instruction Fuzzy Hash: 86316F32608B81D6EB60DF69E8406AE73B4FB88754F540236EA9D87B95EF3CD145CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: FileFindFirst_invalid_parameter_noinfo
    • String ID:
    • API String ID: 2227656907-0
    • Opcode ID: 39d91788d0b19d495b26843577507a1cf0f08a93b845adaf621480a5b236d061
    • Instruction ID: e8705781d685a4bb5253dead8a40b64a4eb9b2ca8b36caa8eb4c13b7729425e1
    • Opcode Fuzzy Hash: 39d91788d0b19d495b26843577507a1cf0f08a93b845adaf621480a5b236d061
    • Instruction Fuzzy Hash: 4AB1B222B186D2D1EA71AB2699101BD6B74FB44BE8F445272EA4D8FBC5FE3CF4418300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _get_daylight.LIBCMT ref: 00007FF66DD76BFA
      • Part of subcall function 00007FF66DD76348: _invalid_parameter_noinfo.LIBCMT ref: 00007FF66DD7635C
    • _get_daylight.LIBCMT ref: 00007FF66DD76C0B
      • Part of subcall function 00007FF66DD762E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF66DD762FC
    • _get_daylight.LIBCMT ref: 00007FF66DD76C1C
      • Part of subcall function 00007FF66DD76318: _invalid_parameter_noinfo.LIBCMT ref: 00007FF66DD7632C
      • Part of subcall function 00007FF66DD6B4EC: HeapFree.KERNEL32(?,?,?,00007FF66DD73972,?,?,?,00007FF66DD739AF,?,?,00000000,00007FF66DD73E75,?,?,00000000,00007FF66DD73DA7), ref: 00007FF66DD6B502
      • Part of subcall function 00007FF66DD6B4EC: GetLastError.KERNEL32(?,?,?,00007FF66DD73972,?,?,?,00007FF66DD739AF,?,?,00000000,00007FF66DD73E75,?,?,00000000,00007FF66DD73DA7), ref: 00007FF66DD6B50C
    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF66DD76E5C), ref: 00007FF66DD76C43
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
    • String ID:
    • API String ID: 3458911817-0
    • Opcode ID: 4da564cbe2ed5f93640d02b0843b0d4a4af145672d7b9370a807429b4dc33e70
    • Instruction ID: 386615d9e0a80abf90a472fcbc1ec3a74e0fccecc4b68d77e90dd9429fe548ee
    • Opcode Fuzzy Hash: 4da564cbe2ed5f93640d02b0843b0d4a4af145672d7b9370a807429b4dc33e70
    • Instruction Fuzzy Hash: DA512B22A18642D6E760FF62D8915AD6B70BB48784F854275EA4DCBA96FF3CF4408780
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
    • String ID:
    • API String ID: 2933794660-0
    • Opcode ID: c9256d3c29dec7defdbd069e132950cc3752c5933af8d37e6b370c711f310d19
    • Instruction ID: e67a01947307f3f1ceed2138c4de3ba1875f003613286f4816df3c2fccbb99e7
    • Opcode Fuzzy Hash: c9256d3c29dec7defdbd069e132950cc3752c5933af8d37e6b370c711f310d19
    • Instruction Fuzzy Hash: 01111822B54B01DAEB009BA4E8547A833B4FB19758F441E31DA6D8A7A4EF78E1948340
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: memcpy_s
    • String ID:
    • API String ID: 1502251526-0
    • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
    • Instruction ID: 4a6dbd71ae6092cd6c706e31d85cfead9b73525af4dc3add50745cf5494c3af6
    • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
    • Instruction Fuzzy Hash: 80C1F572B18686D7E7259F1AA04466AB7A1F788784F458239DB4A8B744EF3DF801CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID: $header crc mismatch$unknown header flags set
    • API String ID: 0-1127688429
    • Opcode ID: 326cf6427d5bf0e9376a5910f25170e202e1497fb5a723acb88e47d2bece8f14
    • Instruction ID: 15a3b2d94ca46d32b9f1d9db3fba7142cbb68c2b3125b746969150f0111218ff
    • Opcode Fuzzy Hash: 326cf6427d5bf0e9376a5910f25170e202e1497fb5a723acb88e47d2bece8f14
    • Instruction Fuzzy Hash: 0AF19272A183D5CBE7A5AB18C488F3E7AB9EF44744F055639DA498B390EF38E540CB50
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ExceptionRaise_clrfp
    • String ID:
    • API String ID: 15204871-0
    • Opcode ID: 48b97647827edafc3b78799631f3641f64fd5a0bbb932a3008f366d071470ff1
    • Instruction ID: 660dcd4fbcb410bb57b74391f8eda193f716fb5bef59b832f6177ee88b348ab4
    • Opcode Fuzzy Hash: 48b97647827edafc3b78799631f3641f64fd5a0bbb932a3008f366d071470ff1
    • Instruction Fuzzy Hash: 80B14977A00B89CAEB15CF29C8467683BB0F744B48F159A72DA5D8B7A4DF39E452C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: Find$CloseFileFirst
    • String ID:
    • API String ID: 2295610775-0
    • Opcode ID: b4e9d4f2f4e135cd5a826bc565e92bc8980f88c43f5a21f71a862fe531212b02
    • Instruction ID: 287781b3a3e4277eab4af194de3667d1d4d4b8fe868fd375041f01740dcb244b
    • Opcode Fuzzy Hash: b4e9d4f2f4e135cd5a826bc565e92bc8980f88c43f5a21f71a862fe531212b02
    • Instruction Fuzzy Hash: 1CF04472A18685CAFB60AF64E4497667361FB44724F044735DA6D4A6D4FF3CE1188B00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID: $
    • API String ID: 0-227171996
    • Opcode ID: 844ebbe57181a3840fd0e5f6d674fc9b0496702e201a79bd656eeeac4e9c6a5b
    • Instruction ID: 471aff4472c10a73dd185d44b62e6aaf0aa0d1c18b73fb6855cd49a841d4af29
    • Opcode Fuzzy Hash: 844ebbe57181a3840fd0e5f6d674fc9b0496702e201a79bd656eeeac4e9c6a5b
    • Instruction Fuzzy Hash: FFE19432A0C686C5EB68AE26816053D33B4FF5DF48F245335DA4E8B694EF2DE851C780
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID: incorrect header check$invalid window size
    • API String ID: 0-900081337
    • Opcode ID: eff0553be1f10ec537251e961509bf2a8d4d677e3d27bfe4c15f043eb5d22666
    • Instruction ID: 9e8c800fdbcec196ef3af41674d268e3bffb41e4ad5ff1dd41d8fcc28ad77c93
    • Opcode Fuzzy Hash: eff0553be1f10ec537251e961509bf2a8d4d677e3d27bfe4c15f043eb5d22666
    • Instruction Fuzzy Hash: 6A916672A182D5C7E7A5AF14D498F3E3ABDFB45354F115239DA5A8A6C0EF38E540CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID: e+000$gfff
    • API String ID: 0-3030954782
    • Opcode ID: 9f37f6886a50983af1edbeb5304d9c5a1724e2c4f55c2eaeb36ad1928fa03086
    • Instruction ID: ad41ca31bf3637f5a7006d4ad8efb96223d6e3dfccb6dc561ae233a882336159
    • Opcode Fuzzy Hash: 9f37f6886a50983af1edbeb5304d9c5a1724e2c4f55c2eaeb36ad1928fa03086
    • Instruction Fuzzy Hash: 06513422B186C586E7249E3A9C0176DBBA1F744B94F48D331CAA8CFAC5EE3DE4458740
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: CurrentFeaturePresentProcessProcessor
    • String ID:
    • API String ID: 1010374628-0
    • Opcode ID: 3a6f23c9973ea05008b0ab19088ab645339660b6d16710ffb7d1eefd6a3e1d73
    • Instruction ID: 8c8cbaabdf2e6b7336f1af35b7cff1f21ae87cf73d1667b460be9a85ad29697d
    • Opcode Fuzzy Hash: 3a6f23c9973ea05008b0ab19088ab645339660b6d16710ffb7d1eefd6a3e1d73
    • Instruction Fuzzy Hash: 83026E21A1D692E0FA65BF22942127926B8AF41B90F595775ED6DCF3D2FE3DF4028300
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID: gfffffff
    • API String ID: 0-1523873471
    • Opcode ID: 7476b0d7411414aadaa87b929f11621b17e9f2f3721f3962e4b0dff9c83324f6
    • Instruction ID: b84c36c6cc7486cbe17a9aa35d4bed913b208c537494e4a17056b2f88ae782cb
    • Opcode Fuzzy Hash: 7476b0d7411414aadaa87b929f11621b17e9f2f3721f3962e4b0dff9c83324f6
    • Instruction Fuzzy Hash: 7BA14662A087D5C6EB21DB2AA8007AD7BA0AB507C4F04C232DE9DCB795EE3DE505C741
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: TMP
    • API String ID: 3215553584-3125297090
    • Opcode ID: 1f787d85f28bda76f51a36d7e0584dddc950fc50dd77ffebb8b3d4204956afe2
    • Instruction ID: 41603aecd232b841c42b9478a9f8f1b0e81ae692362351078bb8e8a7c6f9c32e
    • Opcode Fuzzy Hash: 1f787d85f28bda76f51a36d7e0584dddc950fc50dd77ffebb8b3d4204956afe2
    • Instruction Fuzzy Hash: A151AC11B08682D1FA68BA67990117E76B5AF56B88F484335DE0ECF7D2FE3CE4424380
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 9cb1cd12b35fa318c4a8e0929622bdae7cba3dd6c324a68b4e8dcf83c52a71e5
    • Instruction ID: 3f8a878a5e6b582c8e9ee1b20f95078dea7cc311a92d2f563f94e8e50151b30b
    • Opcode Fuzzy Hash: 9cb1cd12b35fa318c4a8e0929622bdae7cba3dd6c324a68b4e8dcf83c52a71e5
    • Instruction Fuzzy Hash: 62B09220E07A42C6EA083B15AC8221422B47F48B10FD44278C50C8D320EE2C21B54701
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 14b18484ab84efb2998c80e56806d0f7f7a775c3760978dbb041d68280269385
    • Instruction ID: 2460c886c11de6d0de18d6291fb719f1b855a5d8f3a348d552d23d4c7bd98f5e
    • Opcode Fuzzy Hash: 14b18484ab84efb2998c80e56806d0f7f7a775c3760978dbb041d68280269385
    • Instruction Fuzzy Hash: 98D1B322A0C6C2C6EB68EE6BC15027D37B0AF45B48F185335CE0D8B695EF3AD855C780
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e5e7c7d6f5738ce9ae6dae89df256b28c6339b9d8c2370fd2cf9ecf49eca8280
    • Instruction ID: ae5130855c90af775bf8b9046fb9102e2a076c61bfaef375623b017d7634bb89
    • Opcode Fuzzy Hash: e5e7c7d6f5738ce9ae6dae89df256b28c6339b9d8c2370fd2cf9ecf49eca8280
    • Instruction Fuzzy Hash: 15C1A5722241E18BD2C9EB39E46947AB7E1FB88349FC4413AEB8747B85CA3CE115D710
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7c9ed06f36b3d533f088c72f27e683e59507fd20484e083b1e58df30cf10ceb8
    • Instruction ID: 3d5b4d844168e002b60da82afe34651576389d771b6d12f01e163c8032630152
    • Opcode Fuzzy Hash: 7c9ed06f36b3d533f088c72f27e683e59507fd20484e083b1e58df30cf10ceb8
    • Instruction Fuzzy Hash: BEB13A72A087C5C5E7659F2AC05423D7BB4E74AB48F284235CB4E8B395EF3AE441C790
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0e5c34987f7a9ca6c6679c1ebbd58ec90466e7178802fc144f73f7d44e403847
    • Instruction ID: 76568f68169167ef24c42acdbc6a5a6fa67f7fef63af9a95dd49f9a067028cf8
    • Opcode Fuzzy Hash: 0e5c34987f7a9ca6c6679c1ebbd58ec90466e7178802fc144f73f7d44e403847
    • Instruction Fuzzy Hash: B581D472A08BC186E774DF2A944076E7AA1FB897D4F544335DA9D8BB89EF3CD4008B40
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 4bcb7fea4aa58ec1e83bb0a718aef7bf1dc42f5110259d120146a0bda132328e
    • Instruction ID: ac0c1adade64074371447b0dc9d9e8b3e1f9f5da8db0f6116c734e68e3207ff1
    • Opcode Fuzzy Hash: 4bcb7fea4aa58ec1e83bb0a718aef7bf1dc42f5110259d120146a0bda132328e
    • Instruction Fuzzy Hash: 8D61F622F1C292F6FB64AA29844033D6AA5EF40364F150BB9DB5DCE6D1FE6DF8418740
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
    • Instruction ID: a63446933fd5d45d4ed58a4c552ac67f57a8a0d3251bb72c9bccc403a9264a46
    • Opcode Fuzzy Hash: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
    • Instruction Fuzzy Hash: 43517876A18695C1E7349B2AC04423C3BB0EB95B5CF244231DE8D9B798DF3AE843C780
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
    • Instruction ID: fd309f24cf9c24200721ca65f9a0746ed7155196c27e7a6a4124fdbe64b0cfbb
    • Opcode Fuzzy Hash: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
    • Instruction Fuzzy Hash: 23514476A18692C5E7349B2AC44472C3BB1EB55B6CF244231CE4D9B794DF3AE843C780
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fa1e8384b8f9ed93a652e40ff1fad70abf09339abefc5cb7d3385a95e3869c9a
    • Instruction ID: b06109df41ec4ebb7a6ea509f9f2fad2d3ce6076183bbc597a2388cbbac2108b
    • Opcode Fuzzy Hash: fa1e8384b8f9ed93a652e40ff1fad70abf09339abefc5cb7d3385a95e3869c9a
    • Instruction Fuzzy Hash: 18518436A18691C2E7349B2AC05422C3BB0EB55F5CF244231CE4D9BB94EF3AE842C7C0
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8494ecf62f03c1d3943c1d589e4c29644468de266d09ee5189585ab02985f6c2
    • Instruction ID: ebf4324c8ccb21ef2ca9032c48d402e725b85a59841b92b0f6999eb821119466
    • Opcode Fuzzy Hash: 8494ecf62f03c1d3943c1d589e4c29644468de266d09ee5189585ab02985f6c2
    • Instruction Fuzzy Hash: BC517336A186D1C6E7349B2AC45467C3BB1EB54B5CF244231CE4C9B7A4EF3AE842C780
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: cbef8b130d79a7ad9bd62ede7a83548c92a3f011a0e32d449ba268992e3839f7
    • Instruction ID: 2325d3b22c477bcc618f044a26189e81e3d311070ebea4b0fe1ec1401a0d0062
    • Opcode Fuzzy Hash: cbef8b130d79a7ad9bd62ede7a83548c92a3f011a0e32d449ba268992e3839f7
    • Instruction Fuzzy Hash: 88517036A18A92C6E7349B2AC04433C77B1EB54B58F244231DE4D9B795EF3AE847C780
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d4595b9fb9fef9db7488d00d8b5cf28c2737f3b7c2e6c847ec82cdef55389f28
    • Instruction ID: 47564823ea32a766613b95b4d82475fca2a69b784713dbd7f8f25954c6600267
    • Opcode Fuzzy Hash: d4595b9fb9fef9db7488d00d8b5cf28c2737f3b7c2e6c847ec82cdef55389f28
    • Instruction Fuzzy Hash: 78516576A18691C5E7349B2AC04062C3BB0EB59F5CF644235CE4D9F799EF3AE852C780
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
    • Instruction ID: e92a37c76df52a12f6378b9684cbdac2f8c5e9d7f197015dc62e9944f439dec8
    • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
    • Instruction Fuzzy Hash: B541E862C097CAC4ED95995A05007BC36A19F62BA0D1813F4EE9A9F3CBFD0D799683C0
    Uniqueness

    Uniqueness Score: -1.00%

    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ErrorFreeHeapLast
    • String ID:
    • API String ID: 485612231-0
    • Opcode ID: 7d3e4d8fa8e82e1d65e056e10a1cd71db2df39a2122d24cd2b56d782eb366f8f
    • Instruction ID: 558db2492831b107f076397dcf46abf724848f473feec574d3388f4da2aa47f4
    • Opcode Fuzzy Hash: 7d3e4d8fa8e82e1d65e056e10a1cd71db2df39a2122d24cd2b56d782eb366f8f
    • Instruction Fuzzy Hash: AD41E022714A9486EF04DF6AD91466973A2FB48FC4F09A132EE4DDBB58EE3CD4428300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressProc
    • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
    • API String ID: 190572456-4266016200
    • Opcode ID: 0f541286951d05cfde1ee621bc5578c8d1597a0a29c56f9860b2b78389049273
    • Instruction ID: 79d0cbfe4ed082245aabc9b886c08c19cdf4e7f7d8d3ce076dfa6710859379cc
    • Opcode Fuzzy Hash: 0f541286951d05cfde1ee621bc5578c8d1597a0a29c56f9860b2b78389049273
    • Instruction Fuzzy Hash: 1E126165A4EB03E0FA56FF18A8505B423B1AF88751B946775C81ECE2A4FF7CB548C340
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: Message
    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
    • API String ID: 2030045667-3833288071
    • Opcode ID: 5bf43b9ab711587773a46785ec42c3c65c14bbb310814db4e1e82add9540f615
    • Instruction ID: 907dbf2788b5f80fc0fae3951705da826dcb928694bfcab1bd11d3523dd6c062
    • Opcode Fuzzy Hash: 5bf43b9ab711587773a46785ec42c3c65c14bbb310814db4e1e82add9540f615
    • Instruction Fuzzy Hash: 69515871B08642D6EA20BF1AE4406B977B1EF45BD4F444631DE1D8FA96FF2CE5498700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Message_fread_nolock
    • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
    • API String ID: 3065259568-2316137593
    • Opcode ID: e6fbfd7a88a3acd3220cec0b2b42a85d2d63ccd497967aa48f586f71ada1ce5b
    • Instruction ID: 2db01d8ab90c1bd093b1c89bb9069f5f1793b16df5f2a7c9134298d5f5c15f70
    • Opcode Fuzzy Hash: e6fbfd7a88a3acd3220cec0b2b42a85d2d63ccd497967aa48f586f71ada1ce5b
    • Instruction Fuzzy Hash: DA519D31A08683D6EA20BB16A8516FA73B4EF447C4F405231EE5DCBA9AFE7CE4458740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
    • String ID: P%
    • API String ID: 2147705588-2959514604
    • Opcode ID: 4ec0923ad57b9e26d950b98539eabaaac0ee0779749769c2f3ee915382542b09
    • Instruction ID: 8c0d3d486f279937aaba37f6d8620b0118103d2eb0b5c427be03820cabfcb89a
    • Opcode Fuzzy Hash: 4ec0923ad57b9e26d950b98539eabaaac0ee0779749769c2f3ee915382542b09
    • Instruction Fuzzy Hash: 4151C8366147A1C6D634AF26E4181BAB7B1F798B65F004235EBCE87694EF3CE085DB10
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: -$:$f$p$p
    • API String ID: 3215553584-2013873522
    • Opcode ID: f37731288347d64e2d3011cd538038f3f04169e152bcb0d828a74818e0b48390
    • Instruction ID: dd344fe71652fbc40eb34917e76b277d2d2982ce1a7d15b9f6641a81d2dd65dd
    • Opcode Fuzzy Hash: f37731288347d64e2d3011cd538038f3f04169e152bcb0d828a74818e0b48390
    • Instruction Fuzzy Hash: 7E129221E0C1CBE6FB207A16D15467D7675FB80754F944236EA998EAC8FF3CE4908B90
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: f$f$p$p$f
    • API String ID: 3215553584-1325933183
    • Opcode ID: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
    • Instruction ID: 8a9ae97ef948b97182bb058cec2a86297d3a11656412870591804cec906b75fb
    • Opcode Fuzzy Hash: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
    • Instruction Fuzzy Hash: 53129222E0C1C3C6FB60BB56D0546BD76B1FB91754F884632E6998A6C4EF3CE4858B80
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: Message
    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
    • API String ID: 2030045667-3659356012
    • Opcode ID: 49147764f31c004b29695ab1ecca4140ab6d42c7e57b4c61b66495af9e1e673c
    • Instruction ID: 351c06621e8d7ff8f5b39d1746e0d1992f45754492cdb1cd8931174778f5902f
    • Opcode Fuzzy Hash: 49147764f31c004b29695ab1ecca4140ab6d42c7e57b4c61b66495af9e1e673c
    • Instruction Fuzzy Hash: 46315B31B48683D6EA24BF16A4405BA73B0EB447D4F884632DE4E8FA55FE7CF5468700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
    • String ID: CreateProcessW$Error creating child process!
    • API String ID: 2895956056-3524285272
    • Opcode ID: 3741643826c5352320942fbf43c5de1d0e179915c125a0ccfc2097356f541c1c
    • Instruction ID: 4da5908cf2117436da508eefc349207a7e779e0a06fa9c28b24403eed8c072c8
    • Opcode Fuzzy Hash: 3741643826c5352320942fbf43c5de1d0e179915c125a0ccfc2097356f541c1c
    • Instruction Fuzzy Hash: AF414431A08BC2D5DA20AB25E4452AEB3B4FF94364F500735E6AD8BBD5EF7CD0448B40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 849930591-393685449
    • Opcode ID: 5c4a38c8f57a926daa469fe7fda771022afe3b7785d2be7659b7c9bcf00e9d14
    • Instruction ID: 186dcd92f3865d5759014ef1a66241d11e3d9d6c2f624de8c08d33315ff19ee2
    • Opcode Fuzzy Hash: 5c4a38c8f57a926daa469fe7fda771022afe3b7785d2be7659b7c9bcf00e9d14
    • Instruction Fuzzy Hash: A5D15B72A08742CAEB60AF75D4402AD77B4FB55798F100235EA8D9FB96EF38E491C740
    Uniqueness

    Uniqueness Score: -1.00%

    Strings
    Similarity
    • API ID: Message
    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
    • API String ID: 2030045667-2813020118
    • Opcode ID: 78c83a4bffb7f7d0efbc50818c1eaec615024630e109283ba17c9c5b37e430ab
    • Instruction ID: bcee640faa93b2cc0436ff93d783528ffb0ec4b5c7f0209795bf755361379778
    • Opcode Fuzzy Hash: 78c83a4bffb7f7d0efbc50818c1eaec615024630e109283ba17c9c5b37e430ab
    • Instruction Fuzzy Hash: 8F51A932A09682C5EA20BF56E4417BA72A1FB84798F444235EE4ECB796FE3CE545C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • FreeLibrary.KERNEL32(?,?,?,00007FF66DD6FB4A,?,?,-00000018,00007FF66DD6B8F7,?,?,?,00007FF66DD6B7EE,?,?,?,00007FF66DD66A32), ref: 00007FF66DD6F92C
    • GetProcAddress.KERNEL32(?,?,?,00007FF66DD6FB4A,?,?,-00000018,00007FF66DD6B8F7,?,?,?,00007FF66DD6B7EE,?,?,?,00007FF66DD66A32), ref: 00007FF66DD6F938
    Strings
    Similarity
    • API ID: AddressFreeLibraryProc
    • String ID: api-ms-$ext-ms-
    • API String ID: 3013587201-537541572
    • Opcode ID: 50fc87d62c39ae03e22a26114dde782de41cd8fd571e56f0271d50297936ec9a
    • Instruction ID: e77bd1c5f62365aee8fe014f10f4f520ad4e6c08b6f06afb8759b38675930b9b
    • Opcode Fuzzy Hash: 50fc87d62c39ae03e22a26114dde782de41cd8fd571e56f0271d50297936ec9a
    • Instruction Fuzzy Hash: C341AD62B59A42D5FA16EB27A8006B923A5BF49BD0F494335DD0DCF784FE3CE4458380
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD58837
    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD5888E
    Strings
    Similarity
    • API ID: ByteCharMultiWide
    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
    • API String ID: 626452242-27947307
    • Opcode ID: 3cbf7e68bc59ef73436adbb022304ace8745ffa10feb47800d683f6d14593b66
    • Instruction ID: a044232374c15c2e1a42250c2c62b85adc377328cd6696a88a0ab187502cfd38
    • Opcode Fuzzy Hash: 3cbf7e68bc59ef73436adbb022304ace8745ffa10feb47800d683f6d14593b66
    • Instruction Fuzzy Hash: 4F414C32A18B82C2E660EF15B84017ABAB1FB84794F544235DA8DCBB95FF3CE455CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • WideCharToMultiByte.KERNEL32(?,00007FF66DD539CA), ref: 00007FF66DD58D21
      • Part of subcall function 00007FF66DD529C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF66DD588E2,?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD529F4
      • Part of subcall function 00007FF66DD529C0: MessageBoxW.USER32 ref: 00007FF66DD52AD0
    • WideCharToMultiByte.KERNEL32(?,00007FF66DD539CA), ref: 00007FF66DD58D95
    Strings
    Similarity
    • API ID: ByteCharMultiWide$ErrorLastMessage
    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
    • API String ID: 3723044601-27947307
    • Opcode ID: cdc817edca651c55abaac523045c67828908e02529da1e8e0e30dd665938bc79
    • Instruction ID: d6588e972d5a5f7a6f74919e27c193234b15260141a3e2f5e192ad9553bb7c2c
    • Opcode Fuzzy Hash: cdc817edca651c55abaac523045c67828908e02529da1e8e0e30dd665938bc79
    • Instruction Fuzzy Hash: 21217C35A18B83D9EA10EF26A8401A977B1EB94B94F544336CA4ECB795FF3CE5058700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo$_fread_nolock
    • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
    • API String ID: 3231891352-3501660386
    • Opcode ID: 51b22534cb803c03e450a57b029b0a775e20f1c8180d52c71903a8c39a76eea3
    • Instruction ID: 9446787a3f7ebd16575e2355c93eddda9b40074919e5f2d233bdf1614d19e399
    • Opcode Fuzzy Hash: 51b22534cb803c03e450a57b029b0a775e20f1c8180d52c71903a8c39a76eea3
    • Instruction Fuzzy Hash: 2A516D35E1D683E5FA61BB26A9102B962B1DF84BC0F548331E90DCF6D6FE6CE5058780
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF66DD5E46A,?,?,?,00007FF66DD5D39C,?,?,?,00007FF66DD5CF91), ref: 00007FF66DD5E23D
    • GetLastError.KERNEL32(?,?,?,00007FF66DD5E46A,?,?,?,00007FF66DD5D39C,?,?,?,00007FF66DD5CF91), ref: 00007FF66DD5E24B
    • LoadLibraryExW.KERNEL32(?,?,?,00007FF66DD5E46A,?,?,?,00007FF66DD5D39C,?,?,?,00007FF66DD5CF91), ref: 00007FF66DD5E275
    • FreeLibrary.KERNEL32(?,?,?,00007FF66DD5E46A,?,?,?,00007FF66DD5D39C,?,?,?,00007FF66DD5CF91), ref: 00007FF66DD5E2E3
    • GetProcAddress.KERNEL32(?,?,?,00007FF66DD5E46A,?,?,?,00007FF66DD5D39C,?,?,?,00007FF66DD5CF91), ref: 00007FF66DD5E2EF
    Strings
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-
    • API String ID: 2559590344-2084034818
    • Opcode ID: 525887afc6986384a1777d0c8198f2eafd939100db725deedb62a7a51ad00a5e
    • Instruction ID: 164ad54d866f397b8400f1fecc5c3e11817c647353b52930fd3d1d15ca2a1304
    • Opcode Fuzzy Hash: 525887afc6986384a1777d0c8198f2eafd939100db725deedb62a7a51ad00a5e
    • Instruction Fuzzy Hash: 0F315E31B1AA42E5EE51BB46A8009B923A4FF48BA4F594735DD5DCE798FE3CE4848300
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 00007FF66DD58BD0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF66DD52A9B), ref: 00007FF66DD58C0A
    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF66DD579A1,00000000,?,00000000,00000000,?,00007FF66DD5153F), ref: 00007FF66DD5747F
      • Part of subcall function 00007FF66DD52B10: MessageBoxW.USER32 ref: 00007FF66DD52BE5
    Strings
    • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF66DD57493
    • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF66DD574DA
    • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF66DD57456
    Similarity
    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
    • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
    • API String ID: 1662231829-3498232454
    • Opcode ID: 22c74f2aeb27d9e2e1b9200df4b4c47419f48150c37f7df49e9ad082d6edf2be
    • Instruction ID: 176fbaa1b2497666a7da5ebb87201aa8cad5b09301fa272f255b80534e31d5b2
    • Opcode Fuzzy Hash: 22c74f2aeb27d9e2e1b9200df4b4c47419f48150c37f7df49e9ad082d6edf2be
    • Instruction Fuzzy Hash: 97316021F19682E0FA20BB2599153BE62B1EF987C4F944635DA4ECA7D6FE2CF1058740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF66DD52A9B), ref: 00007FF66DD58C0A
      • Part of subcall function 00007FF66DD529C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF66DD588E2,?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD529F4
      • Part of subcall function 00007FF66DD529C0: MessageBoxW.USER32 ref: 00007FF66DD52AD0
    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF66DD52A9B), ref: 00007FF66DD58C90
    Strings
    Similarity
    • API ID: ByteCharMultiWide$ErrorLastMessage
    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
    • API String ID: 3723044601-876015163
    • Opcode ID: 8b746091e8d54f9d951026cc617a7aeabec9110d911e03e0d2f253015d9281f0
    • Instruction ID: 10e9b020ec29ba880be01053819071b5b2d27695f39169f90469eac4566e507c
    • Opcode Fuzzy Hash: 8b746091e8d54f9d951026cc617a7aeabec9110d911e03e0d2f253015d9281f0
    • Instruction Fuzzy Hash: 6F217322B18A42D1EB50EB29F800069A771FB857C8F584635DF4CDBB69FF2CE5518700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
    • String ID:
    • API String ID: 995526605-0
    • Opcode ID: 09af4e1d1a68aac14f11794f91bb1aca58113b247625a6be8eeac8dd3651ce95
    • Instruction ID: e4637202bc7b05e29d37095f2533cb51957845c4ab01ac2879cf027b4783eee2
    • Opcode Fuzzy Hash: 09af4e1d1a68aac14f11794f91bb1aca58113b247625a6be8eeac8dd3651ce95
    • Instruction Fuzzy Hash: AA214431A08643C6EB10AB59E44427AA3B0FF857A5F500335DA6D8BBE5FF7CE4458B40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: 0ee19574a0982cf08fa92601851437d03fc808c1e3de2497ccb5992d3d317d40
    • Instruction ID: a3f8d60a032666482cdd7752d629d5282e1ef4aae57c932266b34110c115dc4b
    • Opcode Fuzzy Hash: 0ee19574a0982cf08fa92601851437d03fc808c1e3de2497ccb5992d3d317d40
    • Instruction Fuzzy Hash: 41210720E0C682C2FA697736965527D72B29F447A0F154734E92ECE6D6FE3CB4018B80
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586
    • Opcode ID: c684c657c71cc66e393495913d92b804321d58ad0ed46cdbde63fde403b390ba
    • Instruction ID: 7232e7061b3943503a77810d757fd09627251cd9b755ecf95c8cde310bdf11ed
    • Opcode Fuzzy Hash: c684c657c71cc66e393495913d92b804321d58ad0ed46cdbde63fde403b390ba
    • Instruction Fuzzy Hash: F9118E21A18A41DAE350AB56E88432977B0FB88BE4F040334EE5DCB794EF3CE5448740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
      • Part of subcall function 00007FF66DD58650: GetCurrentProcess.KERNEL32 ref: 00007FF66DD58670
      • Part of subcall function 00007FF66DD58650: OpenProcessToken.ADVAPI32 ref: 00007FF66DD58681
      • Part of subcall function 00007FF66DD58650: GetTokenInformation.ADVAPI32 ref: 00007FF66DD586A6
      • Part of subcall function 00007FF66DD58650: GetLastError.KERNEL32 ref: 00007FF66DD586B0
      • Part of subcall function 00007FF66DD58650: GetTokenInformation.ADVAPI32 ref: 00007FF66DD586F0
      • Part of subcall function 00007FF66DD58650: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF66DD5870C
      • Part of subcall function 00007FF66DD58650: CloseHandle.KERNEL32 ref: 00007FF66DD58724
    • LocalFree.KERNEL32(00000000,00007FF66DD53B4E), ref: 00007FF66DD589FC
    • LocalFree.KERNEL32 ref: 00007FF66DD58A05
    Strings
    Similarity
    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PATH_MAX!
    • API String ID: 6828938-1817031585
    • Opcode ID: e69f9d860e0369a2c3572a61a1d791fb4b8f0ac012e48f997b8c265c1e7a2feb
    • Instruction ID: 4bea5bbd06bd295cff3fe4d4dbdf3a203b25bd4e8f7e2954353553ae36c19755
    • Opcode Fuzzy Hash: e69f9d860e0369a2c3572a61a1d791fb4b8f0ac012e48f997b8c265c1e7a2feb
    • Instruction Fuzzy Hash: 41213A31A28787D1FA50BB60E8056F96371EF44780F840732E94EDB696FE3CE5048740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetLastError.KERNEL32(?,?,?,00007FF66DD65AAD,?,?,?,?,00007FF66DD6F79F,?,?,00000000,00007FF66DD6BF86,?,?,?), ref: 00007FF66DD6BE77
    • FlsSetValue.KERNEL32(?,?,?,00007FF66DD65AAD,?,?,?,?,00007FF66DD6F79F,?,?,00000000,00007FF66DD6BF86,?,?,?), ref: 00007FF66DD6BEAD
    • FlsSetValue.KERNEL32(?,?,?,00007FF66DD65AAD,?,?,?,?,00007FF66DD6F79F,?,?,00000000,00007FF66DD6BF86,?,?,?), ref: 00007FF66DD6BEDA
    • FlsSetValue.KERNEL32(?,?,?,00007FF66DD65AAD,?,?,?,?,00007FF66DD6F79F,?,?,00000000,00007FF66DD6BF86,?,?,?), ref: 00007FF66DD6BEEB
    • FlsSetValue.KERNEL32(?,?,?,00007FF66DD65AAD,?,?,?,?,00007FF66DD6F79F,?,?,00000000,00007FF66DD6BF86,?,?,?), ref: 00007FF66DD6BEFC
    • SetLastError.KERNEL32(?,?,?,00007FF66DD65AAD,?,?,?,?,00007FF66DD6F79F,?,?,00000000,00007FF66DD6BF86,?,?,?), ref: 00007FF66DD6BF17
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: 81df9579e83e1cd669c12650860727807aeb5bcb80b4cbbf71287ed99d1ace91
    • Instruction ID: 3c08038d18ee9b8aa99c309148f3637933935ef9cd36ef0b3fdf1dfc081a5016
    • Opcode Fuzzy Hash: 81df9579e83e1cd669c12650860727807aeb5bcb80b4cbbf71287ed99d1ace91
    • Instruction Fuzzy Hash: 0B113820A0C682C2FA64B776969113D72769F447A0F150734FA2ECE6D6FE3CB4418781
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
    • String ID: Unhandled exception in script
    • API String ID: 3081866767-2699770090
    • Opcode ID: 66c833e6ed6def9769710971e31309989410471a98400d4f2f52bf1597ed673f
    • Instruction ID: af56224645c411c0dd330198e96cf18964ec841e6def874ea86801086ea3d966
    • Opcode Fuzzy Hash: 66c833e6ed6def9769710971e31309989410471a98400d4f2f52bf1597ed673f
    • Instruction Fuzzy Hash: 3C311E72A09A82D9EB20EF65E8556FD6370FF88788F440235EA4D8BA55EF3CD1458740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF66DD588E2,?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD529F4
      • Part of subcall function 00007FF66DD58560: GetLastError.KERNEL32(00000000,00007FF66DD52A3E,?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD58587
      • Part of subcall function 00007FF66DD58560: FormatMessageW.KERNEL32 ref: 00007FF66DD585B6
      • Part of subcall function 00007FF66DD58BD0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF66DD52A9B), ref: 00007FF66DD58C0A
    • MessageBoxW.USER32 ref: 00007FF66DD52AD0
    • MessageBoxA.USER32 ref: 00007FF66DD52AEC
    Strings
    Similarity
    • API ID: Message$ErrorLast$ByteCharFormatMultiWide
    • String ID: %s%s: %s$Fatal error detected
    • API String ID: 2806210788-2410924014
    • Opcode ID: a22562a3e5708768cb0d15f904b55a8b62d2097d7bb286fe6f48fe5cd4d63a9f
    • Instruction ID: 734471be9aad7953d49beeb7abb3ca2a552e5fd2e360b8e258d0caee30c161d9
    • Opcode Fuzzy Hash: a22562a3e5708768cb0d15f904b55a8b62d2097d7bb286fe6f48fe5cd4d63a9f
    • Instruction Fuzzy Hash: 37316872628A85D1E730FB14E4516EA7374FF84784F804236E68D9BA99EF3CE645CB40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: 8b09857164704210b2e0253d11d0b3fe713c31e540e9fb1e205907d45fa6ef0f
    • Instruction ID: c4f13562a7779757fbc2ccfe26ec512f53030c004f952888555a3babafcf54a4
    • Opcode Fuzzy Hash: 8b09857164704210b2e0253d11d0b3fe713c31e540e9fb1e205907d45fa6ef0f
    • Instruction Fuzzy Hash: A9F09661B09B46D5FB10AB68E4447796330EF89765F541335CAAECE2E4EF2CE049C750
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: _set_statfp
    • String ID:
    • API String ID: 1156100317-0
    • Opcode ID: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
    • Instruction ID: 2e8583723b421e8b60d23c5e7b2459f19d23d022fb6edd8264848c1808bac06f
    • Opcode Fuzzy Hash: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
    • Instruction Fuzzy Hash: 4A11C122E9CA03F1FA5431A5E446F7921606F98370E6537B5F96ECE3D6AE2DF8408301
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • FlsGetValue.KERNEL32(?,?,?,00007FF66DD6B147,?,?,00000000,00007FF66DD6B3E2,?,?,?,?,?,00007FF66DD636AC), ref: 00007FF66DD6BF4F
    • FlsSetValue.KERNEL32(?,?,?,00007FF66DD6B147,?,?,00000000,00007FF66DD6B3E2,?,?,?,?,?,00007FF66DD636AC), ref: 00007FF66DD6BF6E
    • FlsSetValue.KERNEL32(?,?,?,00007FF66DD6B147,?,?,00000000,00007FF66DD6B3E2,?,?,?,?,?,00007FF66DD636AC), ref: 00007FF66DD6BF96
    • FlsSetValue.KERNEL32(?,?,?,00007FF66DD6B147,?,?,00000000,00007FF66DD6B3E2,?,?,?,?,?,00007FF66DD636AC), ref: 00007FF66DD6BFA7
    • FlsSetValue.KERNEL32(?,?,?,00007FF66DD6B147,?,?,00000000,00007FF66DD6B3E2,?,?,?,?,?,00007FF66DD636AC), ref: 00007FF66DD6BFB8
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: 4e03a785267527999042f713a3935151f7ece8db95abf54a9fb70bd1f5489e34
    • Instruction ID: 01d0f0c8fa00a14b21b34267567cb0c2ae99aa550d7eef71de5faf1dde8d2446
    • Opcode Fuzzy Hash: 4e03a785267527999042f713a3935151f7ece8db95abf54a9fb70bd1f5489e34
    • Instruction Fuzzy Hash: F6112920E08682C1FA98B736959117D32B69F843A0F155734F92DCE6E6FE3DB4068780
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: 212ab8644362d2b5fddc8e950eddb9ed53924d62a1b5ee0e8481b764f8be921c
    • Instruction ID: 4ae3685b0a669ce6268380a2c17d8a5706f88ddedc78fe03faabd2fb2dc046fb
    • Opcode Fuzzy Hash: 212ab8644362d2b5fddc8e950eddb9ed53924d62a1b5ee0e8481b764f8be921c
    • Instruction Fuzzy Hash: 9D11E310E08686C1F969B276546117D32728F45360E151734EA3ECE2D3FE3CB4118391
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: verbose
    • API String ID: 3215553584-579935070
    • Opcode ID: ad3fface7d4b2ce3aa9510f497705372120eac90acd968bb25d3a192cbea6c12
    • Instruction ID: a030dd9512017a03dc958e1cd050ec4ccaf75ea140c40ba993d7e53508b06746
    • Opcode Fuzzy Hash: ad3fface7d4b2ce3aa9510f497705372120eac90acd968bb25d3a192cbea6c12
    • Instruction Fuzzy Hash: 8C91AE32A08AC6C1E721AE26D85037D7BB4EB40B58F454276DA5DCB3D5EE3DE84587C0
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: UTF-16LEUNICODE$UTF-8$ccs
    • API String ID: 3215553584-1196891531
    • Opcode ID: d575cc9c9c6fff3bb6b887c91fcc14de71c27d2c4b886d2e4095e12dd43ef316
    • Instruction ID: bebd61ad1c56d437dcf31969e3493046b73a641ab30aa0309e127ca5b224181c
    • Opcode Fuzzy Hash: d575cc9c9c6fff3bb6b887c91fcc14de71c27d2c4b886d2e4095e12dd43ef316
    • Instruction Fuzzy Hash: C581B032E08202E5F7A56F27855127836B0AB11BC8F5582B1EA0DDFAD5FE2EF9418701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
    • String ID: csm
    • API String ID: 2395640692-1018135373
    • Opcode ID: 4e145a519d1e56cfcb6aecf34f39f1bb90b218c54cd5e4365c61506f758ddca0
    • Instruction ID: 25f9510c4ee33b76924f045c9f2cc701247ad87da05d4893ef109ff958fbb9fd
    • Opcode Fuzzy Hash: 4e145a519d1e56cfcb6aecf34f39f1bb90b218c54cd5e4365c61506f758ddca0
    • Instruction Fuzzy Hash: 1F51B636B1A601CADB14EB19D444A7C37B5EB44B98F514231EA5D8B784FF7CE895C700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 3544855599-2084237596
    • Opcode ID: 42e7225603c31ac0345d399652e63b89c05e0963da81407f23d94035f534052b
    • Instruction ID: 7a567f768ecc028a22bd323e6c78f8838bc8205bc2545a4cd2a324579929e276
    • Opcode Fuzzy Hash: 42e7225603c31ac0345d399652e63b89c05e0963da81407f23d94035f534052b
    • Instruction Fuzzy Hash: 33618172908BC5C1D760AB25E4407AABBA0FB95794F044335EB9C9BB95EF3CD191CB00
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Similarity
    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
    • String ID: csm$csm
    • API String ID: 3896166516-3733052814
    • Opcode ID: 723dedddd72afc6468d282760165df683ca6c1680e5e3aacb3d58d0999c557cb
    • Instruction ID: 46683b76510cbce4896ce6c20ec03beb0176004b8d7ba339d6a4cf2f3942f776
    • Opcode Fuzzy Hash: 723dedddd72afc6468d282760165df683ca6c1680e5e3aacb3d58d0999c557cb
    • Instruction Fuzzy Hash: B0514C32908282CAEB74AF26955426977B0FB95B98F144235DB8DCFB95EF3CF4508701
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: Message$ByteCharMultiWide
    • String ID: %s%s: %s$Fatal error detected
    • API String ID: 1878133881-2410924014
    • Opcode ID: 88149bfc2a28579845b544d32f14f9b1101eddfde92b8430b51e14ba55e9a319
    • Instruction ID: 815564f4c5c748bbce33b85e76034b22983fa68508608367c80db974aab8a116
    • Opcode Fuzzy Hash: 88149bfc2a28579845b544d32f14f9b1101eddfde92b8430b51e14ba55e9a319
    • Instruction Fuzzy Hash: C4313472628682D1E730FB15E4516EA7374FF84784F804236E68D8BA99EF3CE645CB40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetModuleFileNameW.KERNEL32(?,00007FF66DD539CA), ref: 00007FF66DD53EE1
      • Part of subcall function 00007FF66DD529C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF66DD588E2,?,?,?,?,?,?,?,?,?,?,?,00007FF66DD5101D), ref: 00007FF66DD529F4
      • Part of subcall function 00007FF66DD529C0: MessageBoxW.USER32 ref: 00007FF66DD52AD0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ErrorFileLastMessageModuleName
    • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
    • API String ID: 2581892565-1977442011
    • Opcode ID: 83b392c3a1d8c6461ef05c73b114d4a321837aa147d3d053d1040a026c8207d7
    • Instruction ID: fc5e6a4b8073304f97dd56c2f71cf8d7f62cd9d398d08f193fbfea5871933048
    • Opcode Fuzzy Hash: 83b392c3a1d8c6461ef05c73b114d4a321837aa147d3d053d1040a026c8207d7
    • Instruction Fuzzy Hash: 0C014F71B1D642E5FA61B724E8163B522B1FF58784F801636E84ECE296FE2CF1498710
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: FileWrite$ConsoleErrorLastOutput
    • String ID:
    • API String ID: 2718003287-0
    • Opcode ID: d9e9b6a0e803154a8816c19f60390c13506db3debf7fa671d8e2b76ca9c696ed
    • Instruction ID: aae72d4b17d66e2b89ed7ded727b29dbbc55608c8917ab79420f8ce2816d17fe
    • Opcode Fuzzy Hash: d9e9b6a0e803154a8816c19f60390c13506db3debf7fa671d8e2b76ca9c696ed
    • Instruction Fuzzy Hash: EBD1D172B08A81D9E711DF6AE4402AC3775EB85798F644235CE5DDBB99EE38E406C380
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF66DD6DAEB), ref: 00007FF66DD6DC1C
    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF66DD6DAEB), ref: 00007FF66DD6DCA7
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ConsoleErrorLastMode
    • String ID:
    • API String ID: 953036326-0
    • Opcode ID: 22d3a6457501795b59bf01a2dac9296c2ae100d567842b84d6240295c9042c5f
    • Instruction ID: 0533bb0428ec684f3d64687555b7e5ab74e61800af4c38e000bf090585a64727
    • Opcode Fuzzy Hash: 22d3a6457501795b59bf01a2dac9296c2ae100d567842b84d6240295c9042c5f
    • Instruction Fuzzy Hash: A691C872F08695D5F750BF6AA8402BD3BB4BB84B98F244235DE0E9B685EF78E441C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _get_daylight$_isindst
    • String ID:
    • API String ID: 4170891091-0
    • Opcode ID: d633cea6ef98d02e7ff3f8296ba5b244dd0af1af742495bf1b1bafc2113ebc24
    • Instruction ID: 27c6318c920f7a51737d07226aed4b1a451dc5572e99e7644a77e4923ec81245
    • Opcode Fuzzy Hash: d633cea6ef98d02e7ff3f8296ba5b244dd0af1af742495bf1b1bafc2113ebc24
    • Instruction Fuzzy Hash: B351E672F04211DAEB24EF65D9956BC2775AB4039CF100335DE1E9AAE5EF3DB4428700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
    • String ID:
    • API String ID: 2780335769-0
    • Opcode ID: c83329a2bd18a21367976a5c4af3d00e11dcc87eb128c326a6acb0b8d0e7847d
    • Instruction ID: 17030bb926630c7e078752a0732041664d5ef0bee61d9912bf0f8f082bd48545
    • Opcode Fuzzy Hash: c83329a2bd18a21367976a5c4af3d00e11dcc87eb128c326a6acb0b8d0e7847d
    • Instruction Fuzzy Hash: E2516222E18681CAFB10EF72D4503BD37B1AF58B58F144635EE4D9BA86EF38D4858790
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
    • String ID:
    • API String ID: 1279662727-0
    • Opcode ID: eaa23331f25f2e51c26c40c7f22f67132b8e6c9fb57ddc49ae46cd87a565a1ae
    • Instruction ID: 2ee0725905621b75e0b0d5825230241b655fc4082cf5e529f4e0a4a673250fb3
    • Opcode Fuzzy Hash: eaa23331f25f2e51c26c40c7f22f67132b8e6c9fb57ddc49ae46cd87a565a1ae
    • Instruction Fuzzy Hash: CA418F62D187C2C3E754AB62954437D7370FB947A4F109334EA9C8BAD6EF6CA5E08780
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: LongWindow$DialogInvalidateRect
    • String ID:
    • API String ID: 1956198572-0
    • Opcode ID: b05b5568a63e2e2d0baaa3588e58b47743bee96d0fa3dc0d735729d29a60f88b
    • Instruction ID: 1367b53921a736f1f1d40a9ad9b84714f13163d3473d27716f6b80b2a2a3610f
    • Opcode Fuzzy Hash: b05b5568a63e2e2d0baaa3588e58b47743bee96d0fa3dc0d735729d29a60f88b
    • Instruction Fuzzy Hash: 2D11A931A08142C2F764AB69E5442B916B1EB85B84F444235DA498EB99ED2CE4C94700
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: _get_daylight$_invalid_parameter_noinfo
    • String ID: ?
    • API String ID: 1286766494-1684325040
    • Opcode ID: 0930287eedd1917940a0480c2dd6402272712f8c6384c3a7c216d5b4ae975781
    • Instruction ID: da45a7ac54ef35153de8771cef874380783f13e0760c6bd4be5b92093b2ee8d4
    • Opcode Fuzzy Hash: 0930287eedd1917940a0480c2dd6402272712f8c6384c3a7c216d5b4ae975781
    • Instruction Fuzzy Hash: E0410B22A08282E2F7A4AB26D44177E6670EF80BA4F144375EE5C8EAD5FF3CE441C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF66DD69BB6
      • Part of subcall function 00007FF66DD6B4EC: HeapFree.KERNEL32(?,?,?,00007FF66DD73972,?,?,?,00007FF66DD739AF,?,?,00000000,00007FF66DD73E75,?,?,00000000,00007FF66DD73DA7), ref: 00007FF66DD6B502
      • Part of subcall function 00007FF66DD6B4EC: GetLastError.KERNEL32(?,?,?,00007FF66DD73972,?,?,?,00007FF66DD739AF,?,?,00000000,00007FF66DD73E75,?,?,00000000,00007FF66DD73DA7), ref: 00007FF66DD6B50C
    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF66DD5C125), ref: 00007FF66DD69BD4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
    • String ID: C:\Users\user\Desktop\hv7H7u7IvS.exe
    • API String ID: 3580290477-2896458556
    • Opcode ID: f41bca3c60c2b35ddc9f50a7c6ece592f9eb92d123b0ffd90266884ce268fb58
    • Instruction ID: 7e6379b7b020fc58445e743269e462a057621a808be4d6f391a634c4afb30146
    • Opcode Fuzzy Hash: f41bca3c60c2b35ddc9f50a7c6ece592f9eb92d123b0ffd90266884ce268fb58
    • Instruction Fuzzy Hash: DE411031A08A92C5EB14FF2698901BD76B8EF447D4F555235E94D8B785EF39E4818380
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    • Opcode ID: 1c4d8f885a23e91b6f023f5bba01b3d5456b675b65fc2396528dfcf9b2bee20e
    • Instruction ID: fbe3ae1dc73f1bbeba85970159800aa802aced6d2238f5dabc4266a6539245eb
    • Opcode Fuzzy Hash: 1c4d8f885a23e91b6f023f5bba01b3d5456b675b65fc2396528dfcf9b2bee20e
    • Instruction Fuzzy Hash: C441B122A18A85D5DB60AF26E8443AD7771FB98794F944231EE4DCB788EF3CD541C740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: CurrentDirectory
    • String ID: :
    • API String ID: 1611563598-336475711
    • Opcode ID: 5e105f0e2b368d3f9dedb3a7fc5cc25de905b31730642d2b5143ffde5ed086ab
    • Instruction ID: db880b03a01f6aa9db84d83da6fe518ef7c478c7543345afa841f9f3d7796b95
    • Opcode Fuzzy Hash: 5e105f0e2b368d3f9dedb3a7fc5cc25de905b31730642d2b5143ffde5ed086ab
    • Instruction Fuzzy Hash: 5A217323A08A81C5EB20AB36D44426D73B2FB84B44F558235D68DCB6C5EF7CE5498791
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: Message$ByteCharMultiWide
    • String ID: Error detected
    • API String ID: 1878133881-3513342764
    • Opcode ID: 04587b85e8c5a5f01c124244adb340557da1a3c376205467b785ddfdae2ba4e1
    • Instruction ID: a0d3fe2ee94bfd8922454df7b24520ca08e3cf5af1da88423b61b260d5a00117
    • Opcode Fuzzy Hash: 04587b85e8c5a5f01c124244adb340557da1a3c376205467b785ddfdae2ba4e1
    • Instruction Fuzzy Hash: D7217972628685D1E730EB14F4516EA7374FF84788F805236E68D8B995EF3CD215CB40
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: ExceptionFileHeaderRaise
    • String ID: csm
    • API String ID: 2573137834-1018135373
    • Opcode ID: c8cc4bb08b20690d02c8bce5cff6a9b5d4d552f887a177c474232a7ea1470dcf
    • Instruction ID: b98786a79bc40b2739e44fe663001997871245cecace9a4a4147b8d36f50a984
    • Opcode Fuzzy Hash: c8cc4bb08b20690d02c8bce5cff6a9b5d4d552f887a177c474232a7ea1470dcf
    • Instruction Fuzzy Hash: DD112E32618B8182EB619F26F54026D77E4FB88B94F584230DACD4B759EF3CE5518740
    Uniqueness

    Uniqueness Score: -1.00%

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1684853065.00007FF66DD51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66DD50000, based on PE: true
    • Associated: 00000000.00000002.1684836664.00007FF66DD50000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684887564.00007FF66DD7C000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD8F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684913351.00007FF66DD91000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.1684948511.00007FF66DD93000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ff66dd50000_hv7H7u7IvS.jbxd
    Similarity
    • API ID: DriveType_invalid_parameter_noinfo
    • String ID: :
    • API String ID: 2595371189-336475711
    • Opcode ID: 0bb087a2c4c4f6707d1aaf47450714c5cfb5908953c580e39f9c8bdb8a3b6409
    • Instruction ID: 899d1a53979fa37bd02029a1e6aae63318d69cc6f671729e7558668c32cac0ae
    • Opcode Fuzzy Hash: 0bb087a2c4c4f6707d1aaf47450714c5cfb5908953c580e39f9c8bdb8a3b6409
    • Instruction Fuzzy Hash: C9015A62D18646D6EB30BB61946127E63B4EF44748F841235E94DCA6C2FE2DE544CB14
    Uniqueness

    Uniqueness Score: -1.00%