Sample details: 0db901fbae8d68b4f41d3fe7055d2ace

Hashes
MD5: 0db901fbae8d68b4f41d3fe7055d2ace
SHA1: 251e88e58616568152c96ca35a4ca3c2442dfd48
SHA256: 9d0d9f79afa9b569fe42a1dc12a9654d1783264ed087dfd07f39914a2bd36744
SSDEEP: 6144:tdbq47y5T5VNbPqnmStnjCctfgbm6Kvhs28oLAhr+jo8tW1ZH3rsRD7Erz:rqV5T5VRPqm6jztEmEo8AjVw/H0E
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation
Source
http://eowxgliaujppfl7m.onion.link/hj2gr/public/tsfUlOc.bin
http://eowxgliaujppfl7m.onion.link/hj2gr/public/tsfUlOc.bin
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
B.gdata
@.agnt
QQQQjdXPPPPh
URPQQh
;t$,v-
UQPXY]Y[
Tt1jhZ;
t	j-Xf
t0jXXf
~$+~8+
F2jgYf;
< t1<	t-
u0jAXf;
u0jAXf;
Wj0XPV
WWWPWS
u-PWWS
SSVWh 
f9:t!V
QQSWj0j@
j,h`tA
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
v	N+D$
v	N+D$
Unknown exception
bad allocation
bad array new length
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
operator co_await
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
CorExitProcess
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
"B <1=
_hypot
_nextafter
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.rsrc$01
.rsrc$02
ExitProcess
KERNEL32.dll
GetUpdatedClipboardFormats
AddClipboardFormatListener
PeekMessageW
RemoveClipboardFormatListener
DestroyWindow
CreateWindowExW
OpenClipboard
LoadBitmapW
SetClipboardData
CloseClipboard
USER32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
LCMapStringW
GetFileType
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
CreateFileW
DecodePointer
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
dL;^$=I
)BRe]E
\gasI%
#^gaRg
'^gacg
+^gaKg
/^gaVg
3^gaVg
7^gaCg
*^garI
`_gaWg
d_gaGg
h_ga[g
^_galg
F^galg
J^gaQg
N^gavg
R^gaCg
_ga""t
m_gaLg
q_gatg
u_gamg
y_gaAg
}_gaLg
n_gas*
D_gaug
H_gaGg
L_gaVg
P_gaog
T_gaPg
w^gaLg
{^gatg
C^gaNg
f^gaeg
j^gaMg
n^gaLg
r^gaLg
V^gaag
Z^gaVg
^^gaMg
f^gasI!
"_gaGg
&_gaVg
*_gaEg
._gaWg
2_ga[g
6_gaAg
:_gaVg
>_gaMg
\gapII
<^gaVg
>^gapIM
b\garI
  "`vW
(* a$"
Z^gas*
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
	0$0-050C0L0i0
1C1H1O1X1w1
3*3/343U3Z3g3
3a4j4u4|4
5#5-575G5W5g5p5
7.7C7J7P7b7l7
8^8m8v8
8$9J9S9Y97:W:a:
:C;L;Q;w;|;
<3<9<N<f<l<|<
='=5=P=[=
><>P>W>
J0u0%181
2-3U3a3~4
5!5+595T5e5q5
6"6.6B6X6~6
7$7)7.7U7^7c7h7
8,868[8m8y8
:":.:<:L:a:x:
1\2`2d2h2l2p2t2x2
417M7Q7U7Y7]7a7e7i7m7q7u7y7
080@0Y0k0w0
535`5{5
5!6U6|6
7%7;7R7Y7e7x7}7
8"8/8A8I8S8\8m8
9U9b9m9w9}9
:K:T:b:t:
?,?8?Q?d?
1.2425:#;-;:;m;
;)<0<C<s<
=$=;=C=j=
>6>A>F>K>f>p>
?;?F?K?P?q?
	0%00050:0X0{0
141F1R1`1
:m: <p<
0&0[0l0
8"9)999H9O9g9n9
=@=R=X=
2%343F3X3t3
4)484B4O4Y4i4
5&7S7t7y7
:';,;2;7;
<C<J<U<c<j<p<
0$060W0i0{0
7(777[7
9&939J9
5	606;6K6
7.787W7u7
9(:D:w:
2&2]2d2i5
=G=w=,>
;(;3;@;R;
;7<L<U<^<t<
2 3J3R3o3
5H5e5y5
8k8l9|9
:':2:8:A:
1;5>6O6
869;9M9k9
5;6@6D6H6L6
,141@1D1H1L1P1\1`1d1
2034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
< <$<(<,<0<4<8<D<L<P<T<X<\<
7 7$7(7,7074787<7@7L7P7T7X7\7`7d7h7l7p7t7x7|7
T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
6$6,646<6D6L6T6\6d6l6t6|6
<L=P=`=d=l=
> >0>4>D>H>P>h>
T1X1t1x1
2(2H2P2T2p2
303<3X3x3
484X4x4
585X5t5x5
01`1p1
7 7$7(7,7074787<7@7D7P7T7X7\7`7d7h7l7
f3"i3"i3"i3"i
<"i3"i3"i3"i3
t,.7mD
-i3"i3"i3"
"i3"i3"i3"i3e
"i3"i3"i3"i3e
-i3"i3"i3"i3"i3
f3"i3"i3
0>ed<"i
t)M<1Z
k/[6nD
k../md
f3"i3"i3"i3"i3
1>ed<e
<"i3"i3
-i3"i3"i3"i3"i
i3"i3"i3"i3"i3n
>\///>
&'x'-MH
S"6x'7K<3}"6|
!/f"6x'5
f3"i3"i
eI|*Ev
6-i3"i3"i3"i3"i&.|
{>7X"7ft
|67X"7|?7D#
<"i3"i3"i3"i3"i3
f3"i3"i3"i3"i3"
i3"i3"i3"i
.5evt7.7ec
-i3"i3"i3"i3
f3"i3"i3"i3"i
t$?O.6
t$.,e|t&.9
u|!Zt),
kUt%.==Ot
[Ut%.==O
/ek|!Z,
q3"i3)
H8.0/L
Qt8.7/O
-i3"i3"i3"i3
t).1/M
\Yw%'H_#
Um[Y"a_`
o'|j yi-vd.sc+p~4m}1jx2gw?dr8aq
@.d=-a:(b7'o4"h1!u.<v+;s(6|%5y"0z
n$}m!zh"wg/tb(qa5n|6k{3hv<eu9bp:_O
AQe>,f;+c8&l5%i2 j/?w,:p)9}&4~#3{ 
o'|j yi-vd.sc+p~4m}1jx2gw?dr8aq
@.d=-a:(b7'o4"h1!u.<v+;s(6|%5y"0z
n$}m!zh"wg/tb(qa5n|6k{3hv<eu9bp:_O
AQe>,f;+c8&l5%i2 j/?w,:p)9}&4~#3{ 
2"h3"i3"i3
^)0	k~
S"l&;g
l#mZ>-5Me
fsb5sq
IN/,8n
&fW0#[
QmD@b%6n
HV(NT:
</`<gc
.x]$,x
tU-`m)
-{l'|>=
e/*;d!j[Jb
Z<^_0"N-
a\v|=s
(T?fnH
03>gO|
KKg &m\
T( <@i
RT w5ny
>ljFGlj
w;X@.%
e*RA$G
eLR\|/
gK~:%v
f1U|.Z
.%5a#H5
dZU(c"9
WskAMo
n-[957
s&ts[`
VAo}B}4
'0CI:r
#j%4|r[
?&gaqFO
7'Mw],h
!)6x2'Dv\
hv?R5Zw
vBj#D[q	
<>q$6tqVc
gq32anA
,!S,>.H/
R8CB	/
n!KE%H
<+#taqKz
'{C{#Cit
c.pn8T
A*o;_Q
#>4&E!
GA,<*W
?m_yvDR
{' #{Hs\
>@md4S
f N:_J
~&}V/;
`j&ed,
"5pn9A
Si[ZJ3
%3.>oo5
[>fWYu
oTeM 8*
tZ@\o"#
Zp2/l=%
YU{Z|9
id4%6H
mi+csm
JVU|v,
5|M)<r
"]?Hkj
2Tzx(x
}&c:^T
(n~GS|L
|a7"uf
-``B{7
jCSfD3
F:7lyn
y4'~3kyn
WnF,`.
(vy/95-
|<UL+e(
rV6{2d
k>L"~2
ME|5&,
~>Jxt(r
/1B\%<
Q{?z^a
m;_~G[Mj
2c<~M.
Q!/*M|s~
'"v3eV
Z&[+G2
9z$l(;{
hc9DFu
=TgPQ>
_TEBLJ9
.*{_.W
ya7Zv74
iQoKDF
)9EY0S
Aq"^G'
wwUVYx
L{#,Xb
>lZlYCFb
Y1r{8N
M;7N4ai
.-=g-tQ
j[4g'r
ARw}<I
BE?`	u
9g}R}I
Ho^dlc
&mo&u3Y$sbq3
-.F S	
Vzu{lB
ow$Hzg-
U0zJfv
_)("6U
^Q-xvk
~u_%<Z
uQ=5<:
-9/&7b&k
	)8,xE
L-nO9-Ntu
Y0(JS0
_Mjb	C
a#>/Lz
]/kx.x
AoG(4m7
*qrv&7{
$a)0p"
T@~ht9u
W2ebi%Z!
?TO#4m6
~9kb![
V4)g/O
z;c6~1
<oG	Mb
ni#nj'l
-Et@xU
[&#r-N
Cm'/gZ
?@rTF#
1fUd5H
2 oF;E
Cm_Bo 
tDj#*PX-
;);+cy
yn|E0k
YHZ!Gk
BNB~5G
VOme~xO\9G
A)a:_qd
Ti|8QwI
bjWJ L	
+;CM3sh
?+PSqj_e
v/z2#\t
pf+Ygz8
p~9{Ns
l?k!!]|U
%3N.Om>n
X qKg_
(hed^1
#'&D<2
X~Bseo
%{vnV(
C)zUwJO>r
, o#=E
Ey!n"!
efa 8v/
{V0I(1
!#oIZm
E35|Qy
<Ly,rOV
j|-b,nw
|J}^MW
/weGwk
c<5@-o
#(W89z
Erqf!(O
cTo,YM
CTlbov
~YxCmr
g#{f {0s
&s!QC/
m$sh%0
X[-5V>?4
z,$e= vV
"K[9^:b
.HW%4|
c8.q5++
"G/$x)
JZk{6!
,'{{x,
#]>&wv
.gu_V8
thqgV!
wiQS%%
n?D7~=
+v'2%>
{2|6gTk5
!hbZ 2Ow*:@*
B#&2s|
fl>[:N
'B`1'u
7tQk%~q
DZG%7F
8o{!U*Nt
=g::g>
\#S~m@
r\{*z{
9:._<ET
{,ONkQ=
g%G/# 
mc2{`v>
fu{Yc,
%?_I=J
]WZ"9(
y!]wq=
~y2Ls5
X,,&[#
L"dM2(!
]stWGS(!
8cGbX(
zT~8_?
yzK5`fE
2KN&6E[
.Z{D1	
+|'$Sy
G`K	,o#
Z/Of"*l>
RZ_NNgi
3Kd)J8
-l*xc.}/
:M_I&.
p0kR!}
2l&'	^
&{e!`A
[# #V%
7)l0}i+
tkOxE4
,.p$0{
/U)?3=
g+A/HCye
K:#skwQ:
c$z(zG[
!64o"4|
0MW H#
ng8FKq
*mqR._
 Ll-~K
nS\QbNY
X5DG ^
yQP6X%
Fe*\{nm
U@{];8
Vq-y:Ko
?5n/Ezl
"@y$tU
avMdl7
P9*.g*$O
Zfp>>j
)}O#wW
}[W:d$a
od'5Te
>6m0Lf
oQ[fHmc
9NyX\r
e(dsY 
9.E8zf
F"G"P@w}
!S3Uf@ac_
,)\R?@
Tp+R$(R
U/UI;q!i
w/Sik+
%@g.By
S^!&I}n
7_mX_{n
8ZbTZ}SW
D@|DioQ
:c|eh 
3h\1|o2
	:h`Tah
dIyOA*
}l8v'l
c(s_p*
yh4f/d
;"2#z~
a	|qz>
ZNe#Sz
a	w9=k+pB
A6=x45'
|2Ce8Ct
|YZZHpB%
_"uFSR
~*spM3
+Bg5'f
h$CwjUp
\D~BI1
+KCnLx
#WEQ*/
X}{c*(
(8$V#[
xn`,ae
>0YvU1
zBQR"<
C?r$ ,E
-s!>XB;/
z$p</@
.5?)Ba
#-`~#;
sB={	!r9
O>H7Hs
v4P`5^.
SgR0_V
vncy!,
>b`{Vy
H&Dwl]!>
)09'q 
 'qC~?
Rzhn{K
#gBe0=
!VqDo#
;_\e18A
Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: 
2050 8:26:15 AM (GMT)
Number of repair attempts: 1
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\windows
AutoChk Run = 1
Number of root causes = 0
Test Performed: 
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
Test Performed: 
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms
Test Performed: 
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
Test Performed: 
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
Test Performed: 
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 31 ms
Test Performed: 
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 62 ms
Test Performed: 
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
Test Performed: 
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
Test Performed: 
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 94 ms
Test Performed: 
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
Test Performed: 
---------------------------
Name: Boot status test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
Test Performed: 
---------------------------
Name: Setup state check
Result: Completed successfully. Error code =  0x0
Time taken = 110 ms
Test Performed: 
---------------------------
Name: Registry hives test
Result: Completed successfully. Error code =  0x0
Time taken = 1562 ms
Test Performed: 
---------------------------
Name: Windows boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms
Test Performed: 
---------------------------
Name: Bugcheck analysis
Result: Completed successfully. Error code =  0x0
Time taken = 234 ms
---------------------------
---------------------------