Windows Analysis Report 2GirCpksIO

• o\t{, xrefs: 02941E8E

• Source File: 00000000.00000002.781020135.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false

• Snapshot File: hcaresult_0_2_2930000_2GirCpksIO.jbxd

• API ID:
• String ID: o\t{
• API String ID: 0-2871262171
• Opcode ID: 631a3e53dabccdd958e877223b76de1c63b597dfc24196206a704673b74c149c
• Instruction ID: 822886c321ebaa374c06188583adc976156309acdd8b8bd98e03cdc73b8a4212
• Opcode Fuzzy Hash: 631a3e53dabccdd958e877223b76de1c63b597dfc24196206a704673b74c149c
• Instruction Fuzzy Hash: 0EB148316043468FDB35DE74CA657EA37A2EF91350FD5862ACC8E8B654DB3089C6CB01

Uniqueness Score: -1.00%

• NtAllocateVirtualMemory.NTDLL(AC6A510D), ref: 0293C131

• HNi, xrefs: 0293E656

• Source File: 00000000.00000002.781020135.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false

• Snapshot File: hcaresult_0_2_2930000_2GirCpksIO.jbxd

• API ID: AllocateMemoryVirtual
• String ID: HNi
• API String ID: 2167126740-709816660
• Opcode ID: ed59b83e1d0eb83386aae0944fce43643970a2adc422caa79f18f622ff2cacd0
• Instruction ID: 2d59d22381363dec1469fcf0c3c82ebfb6ff54a9b45bc4be8cd4403ca261894b
• Opcode Fuzzy Hash: ed59b83e1d0eb83386aae0944fce43643970a2adc422caa79f18f622ff2cacd0
• Instruction Fuzzy Hash: 0BA13831604B499BDF329E78CDA17EE3BA6EF46750F54062ADCC9AB252D3308A45CB41

Uniqueness Score: -1.00%

• __vbaAryConstruct2.MSVBVM60(?,004024C4,00000008), ref: 00416800
• __vbaOnError.MSVBVM60(00000000), ref: 00416807
• __vbaR8Str.MSVBVM60(00402180), ref: 00416812
• #703.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041684C
• __vbaStrMove.MSVBVM60 ref: 00416857
• __vbaFreeVar.MSVBVM60 ref: 00416863
• __vbaNew2.MSVBVM60(004021A4,004193C4), ref: 0041687B
• __vbaHresultCheckObj.MSVBVM60(00000000,020DE98C,00402194,00000014), ref: 004168A9
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004021B4,00000140), ref: 004168DD
• __vbaFreeObj.MSVBVM60 ref: 004168EB
• #554.MSVBVM60 ref: 004168ED
• __vbaNew2.MSVBVM60(004021A4,004193C4), ref: 00416906
• __vbaHresultCheckObj.MSVBVM60(00000000,020DE98C,00402194,00000014), ref: 0041692E
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004021B4,000000B8), ref: 0041695A
• __vbaFreeObj.MSVBVM60 ref: 00416962
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00416977
• __vbaObjSet.MSVBVM60(?,00000000), ref: 00416993
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000188), ref: 004169BD
• __vbaNew2.MSVBVM60(00401980, V`), ref: 004169D2
• __vbaFpI4.MSVBVM60 ref: 004169E6
• __vbaHresultCheckObj.MSVBVM60(00000000,00605620,00401EF4,000002C8), ref: 00416A2A
• __vbaFreeObj.MSVBVM60 ref: 00416A32
• __vbaStrCopy.MSVBVM60 ref: 00416A50
• #712.MSVBVM60(?,004021E4,00000000,00000001,000000FF,00000000), ref: 00416A61
• __vbaStrMove.MSVBVM60 ref: 00416A6C
• __vbaStrCmp.MSVBVM60(004021EC,?), ref: 00416A7B
• #554.MSVBVM60 ref: 00416A89
• __vbaNew2.MSVBVM60(004021A4,004193C4), ref: 00416AA1
• __vbaHresultCheckObj.MSVBVM60(00000000,020DE98C,00402194,00000014), ref: 00416AC9
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004021B4,00000140), ref: 00416AF5
• __vbaFreeObj.MSVBVM60 ref: 00416AFD
• __vbaNew2.MSVBVM60(004021A4,004193C4), ref: 00416B16
• __vbaHresultCheckObj.MSVBVM60(00000000,020DE98C,00402194,00000014), ref: 00416B3E
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004021B4,00000060), ref: 00416B64
• __vbaStrMove.MSVBVM60 ref: 00416B79
• __vbaFreeObj.MSVBVM60 ref: 00416B85
• #690.MSVBVM60(Freudianeres,selvfoelgelig,Divisionskampes5,HOSPITANTAKTIVIST), ref: 00416B9F
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00416BB8
• __vbaObjSetAddref.MSVBVM60(?,00605620), ref: 00416BCB
• __vbaLateMemCall.MSVBVM60(?,GoHHm7tJqFWi5VHFhEMOVG3dqkPTt8QP99,00000003), ref: 00416C4F
• __vbaCastObj.MSVBVM60(?,00401F24), ref: 00416C64
• __vbaObjSet.MSVBVM60( V`,00000000), ref: 00416C70
• __vbaFreeObj.MSVBVM60 ref: 00416C7C
• __vbaSetSystemError.MSVBVM60 ref: 00416C95
• __vbaNew2.MSVBVM60(004021A4,004193C4), ref: 00416CBD
• __vbaHresultCheckObj.MSVBVM60(00000000,020DE98C,00402194,00000014), ref: 00416CE5
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004021B4,00000130), ref: 00416D11
• __vbaStrMove.MSVBVM60 ref: 00416D26
• __vbaFreeObj.MSVBVM60 ref: 00416D32
• __vbaNew2.MSVBVM60(004021A4,004193C4), ref: 00416D4B
• __vbaHresultCheckObj.MSVBVM60(00000000,020DE98C,00402194,00000014), ref: 00416D73
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004021B4,00000070), ref: 00416D99
• __vbaFreeObj.MSVBVM60 ref: 00416DA1
• #704.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 00416DCA
• __vbaStrMove.MSVBVM60 ref: 00416DDB
• __vbaFreeVar.MSVBVM60 ref: 00416DE3
• #613.MSVBVM60(?,00000002), ref: 00416E08
• __vbaStrVarMove.MSVBVM60(?), ref: 00416E15
• __vbaStrMove.MSVBVM60 ref: 00416E20
• __vbaFreeVarList.MSVBVM60(00000002,00000002,?), ref: 00416E32
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00416E4E
• __vbaObjSet.MSVBVM60(?,00000000), ref: 00416E6A
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,000000F8), ref: 00416E94
• __vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 00416EA8
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00416EC4
• __vbaObjSet.MSVBVM60(?,00000000), ref: 00416EE0
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000060), ref: 00416F04
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00416F19
• __vbaFpI4.MSVBVM60 ref: 00416F2D
• __vbaI4Var.MSVBVM60(00000002,?,49A4A430,00000000), ref: 00416F53
• __vbaHresultCheckObj.MSVBVM60(00000000,00605620,00401EF4,000002C8), ref: 00416F92
• __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00416FAF
• __vbaFreeVar.MSVBVM60 ref: 00416FBE
• __vbaStrToAnsi.MSVBVM60(?,magtbalancernen,002F6E1A), ref: 00416FE1
• __vbaSetSystemError.MSVBVM60(00000000), ref: 00416FF3
• __vbaFreeStr.MSVBVM60 ref: 00417019
• #536.MSVBVM60(?), ref: 0041703C
• __vbaStrMove.MSVBVM60 ref: 00417047
• __vbaFreeVar.MSVBVM60 ref: 00417053
• __vbaStrCopy.MSVBVM60 ref: 00417061
• __vbaStrCopy.MSVBVM60 ref: 0041706E
• __vbaStrCopy.MSVBVM60 ref: 0041707B
• __vbaStrCopy.MSVBVM60 ref: 00417088
• __vbaNew2.MSVBVM60(00401980, V`), ref: 0041709D
• __vbaObjSet.MSVBVM60(?,00000000), ref: 004170B9
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000158), ref: 004170E3
• __vbaStrCopy.MSVBVM60 ref: 004170F5
• __vbaFreeStr.MSVBVM60 ref: 004170FD
• __vbaFreeObj.MSVBVM60 ref: 00417105
• __vbaStrCopy.MSVBVM60 ref: 00417116
• __vbaStrCopy.MSVBVM60 ref: 00417123
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00417138
• __vbaObjSet.MSVBVM60(?,00000000), ref: 00417154
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000050), ref: 00417178
• __vbaStrCopy.MSVBVM60 ref: 0041718A
• __vbaFreeStr.MSVBVM60 ref: 00417192
• __vbaFreeObj.MSVBVM60 ref: 0041719A
• __vbaStrCopy.MSVBVM60 ref: 004171AB
• __vbaStrCopy.MSVBVM60 ref: 004171B8
• __vbaStrCopy.MSVBVM60 ref: 004171C5
• __vbaNew2.MSVBVM60(00401980, V`), ref: 004171DA
• __vbaObjSet.MSVBVM60(?,00000000), ref: 004171F6
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000048), ref: 0041721A
• __vbaStrCopy.MSVBVM60 ref: 0041722C
• __vbaFreeStr.MSVBVM60 ref: 00417234
• __vbaFreeObj.MSVBVM60 ref: 0041723C
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00417255
• __vbaObjSet.MSVBVM60(?,00000000), ref: 00417271
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000130), ref: 0041729B
• __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 004172B3
• __vbaStrVarMove.MSVBVM60(00000000), ref: 004172BD
• __vbaStrMove.MSVBVM60 ref: 004172CB
• __vbaStrCopy.MSVBVM60 ref: 004172D9
• __vbaFreeStr.MSVBVM60 ref: 004172E1
• __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 004172F3
• __vbaFreeVar.MSVBVM60 ref: 00417302
• __vbaStrCopy.MSVBVM60 ref: 00417313
• __vbaStrCopy.MSVBVM60 ref: 00417320
• __vbaStrCopy.MSVBVM60 ref: 0041732D
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00417342
• __vbaObjSet.MSVBVM60(?,00000000), ref: 0041735E
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000108), ref: 00417388
• __vbaStrCopy.MSVBVM60 ref: 0041739A
• __vbaFreeStr.MSVBVM60 ref: 004173A2
• __vbaFreeObj.MSVBVM60 ref: 004173AA
• __vbaStrCopy.MSVBVM60 ref: 004173BB
• __vbaNew2.MSVBVM60(00401980, V`), ref: 004173D0
• __vbaObjSet.MSVBVM60(?,00000000), ref: 004173EC
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000108), ref: 00417416
• __vbaStrCopy.MSVBVM60 ref: 00417428
• __vbaFreeStr.MSVBVM60 ref: 00417430
• __vbaFreeObj.MSVBVM60 ref: 00417438
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00417451
• __vbaObjSet.MSVBVM60(?,00000000), ref: 0041746D
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000050), ref: 00417491
• __vbaStrCopy.MSVBVM60 ref: 004174A3
• __vbaFreeStr.MSVBVM60 ref: 004174AB
• __vbaFreeObj.MSVBVM60 ref: 004174B3
• __vbaNew2.MSVBVM60(00401980, V`), ref: 004174CC
• __vbaObjSet.MSVBVM60(?,00000000), ref: 004174E8
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000158), ref: 00417512
• __vbaStrCopy.MSVBVM60 ref: 00417524
• __vbaFreeStr.MSVBVM60 ref: 0041752C
• __vbaFreeObj.MSVBVM60 ref: 00417534
• __vbaNew2.MSVBVM60(00401980, V`), ref: 0041754D
• __vbaObjSet.MSVBVM60(?,00000000), ref: 00417569
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000048), ref: 0041758D
• __vbaStrCopy.MSVBVM60 ref: 0041759F
• __vbaFreeStr.MSVBVM60 ref: 004175A7
• __vbaFreeObj.MSVBVM60 ref: 004175AF
• __vbaStrCopy.MSVBVM60 ref: 004175C0
• __vbaStrCopy.MSVBVM60 ref: 004175CD
• __vbaStrCopy.MSVBVM60 ref: 004175DA
• __vbaStrCopy.MSVBVM60 ref: 004175E7
• __vbaNew2.MSVBVM60(00401980, V`), ref: 004175FC
• __vbaObjSet.MSVBVM60(?,00000000), ref: 00417618
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000158), ref: 00417642
• __vbaStrCopy.MSVBVM60 ref: 00417654
• __vbaFreeStr.MSVBVM60 ref: 0041765C
• __vbaFreeObj.MSVBVM60 ref: 00417664
• __vbaStrCopy.MSVBVM60 ref: 00417675
• __vbaStrCopy.MSVBVM60 ref: 00417682
• __vbaNew2.MSVBVM60(004021A4,004193C4), ref: 00417697
• __vbaHresultCheckObj.MSVBVM60(00000000,020DE98C,00402194,00000014), ref: 004176BF
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004021B4,00000060), ref: 004176E9
• __vbaStrMove.MSVBVM60 ref: 00417702
• __vbaFreeObj.MSVBVM60 ref: 0041770E
• __vbaNew2.MSVBVM60(004021A4,004193C4), ref: 00417727
• __vbaHresultCheckObj.MSVBVM60(00000000,020DE98C,00402194,00000014), ref: 0041774F
• __vbaHresultCheckObj.MSVBVM60(00000000,?,004021B4,00000070), ref: 00417779
• __vbaFreeObj.MSVBVM60 ref: 00417785
• #571.MSVBVM60(0000000C), ref: 0041778D
• __vbaNew2.MSVBVM60(00401980, V`), ref: 004177A6
• __vbaObjSet.MSVBVM60(?,00000000), ref: 004177C2
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000188), ref: 004177EC
• __vbaFreeObj.MSVBVM60(?,00778A6C), ref: 00417821
• __vbaStrCopy.MSVBVM60 ref: 00417850
• __vbaStrCopy.MSVBVM60 ref: 0041785D
• __vbaFreeStrList.MSVBVM60(00000002,?,?,2133F510,00005B04,?,?,54273D80,00000002), ref: 0041789A
• __vbaNew2.MSVBVM60(00401980, V`), ref: 004178B6
• __vbaObjSet.MSVBVM60(?,00000000), ref: 004178D8
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000108), ref: 004178FE
• __vbaNew2.MSVBVM60(00401980, V`), ref: 00417917
• __vbaObjSet.MSVBVM60(?,00000000), ref: 00417933
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000178), ref: 00417959
• __vbaFreeStr.MSVBVM60(0000379A,?,001DD3EA,00000002), ref: 0041799C
• __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 004179AE
• Part of subcall function 00418620: __vbaNew2.MSVBVM60(00401980, V`,004179BC), ref: 00418633
• Part of subcall function 00418620: __vbaHresultCheckObj.MSVBVM60(00000000,00605620,00401EF4,000001D4), ref: 0041865D
• __vbaNew2.MSVBVM60(00401980, V`), ref: 004179CF
• __vbaObjSet.MSVBVM60(?,00000000), ref: 004179EB
• __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004021C4,00000138), ref: 00417A11
• __vbaFreeObj.MSVBVM60(?,BBC80000,4202A2AC,1D0EBDC0), ref: 00417A5A